PT-2010-4788 · Pgp · Pgp Desktop

Published 2010-09-15 · Updated 2018-10-10 · CVE-2010-3397

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

PGP Desktop versions 9.9.0 Build 397 through 10.0.0 Build 2732
PGP Desktop version 9.10.x

Description

The issue allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks. This can be achieved via a Trojan horse tsp.dll or tvttsp.dll located in the same folder as certain files, including .p12, .pem, .pgp, .prk, .prvkr, .pubkr, .rnd, or .skr files.

Recommendations

For PGP Desktop versions 9.9.0 Build 397 through 10.0.0 Build 2732, consider restricting access to the affected file types until a patch is available. For PGP Desktop version 9.10.x, avoid using the software with untrusted search paths to minimize the risk of exploitation. As a temporary workaround, consider disabling the use of tsp.dll and tvttsp.dll files in the affected software until a patch is available.
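A defender-side check for the condition described above, as an added example that is not part of the original advisory or of any vendor tooling: it walks a directory tree and reports folders where tsp.dll or tvttsp.dll sits next to one of the listed file types. The function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile

# DLL names and file extensions are taken from the advisory text.
AFFECTED_EXTS = {".p12", ".pem", ".pgp", ".prk", ".prvkr", ".pubkr", ".rnd", ".skr"}
SUSPECT_DLLS = {"tsp.dll", "tvttsp.dll"}


def find_planted_dlls(root):
    """Return sorted (directory, dll, trigger_files) tuples for every directory
    under root that holds a suspect DLL beside an affected file type."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so compare lowercased.
        dlls = sorted(f for f in files if f.lower() in SUSPECT_DLLS)
        triggers = sorted(
            f for f in files if os.path.splitext(f)[1].lower() in AFFECTED_EXTS
        )
        if dlls and triggers:
            findings.extend((dirpath, dll, triggers) for dll in dlls)
    return sorted(findings)


def build_sample_tree(base):
    """Create a constructed sample layout (hypothetical names) to scan."""
    layout = {
        "share/keys": ["alice.skr", "TSP.DLL"],              # co-located: reported
        "share/docs": ["notes.txt", "tsp.dll"],              # no affected file type
        "home/certs": ["server.pem"],                        # no suspect DLL
        "home/mail": ["msg.pgp", "tvttsp.dll", "readme.md"],  # co-located: reported
    }
    for rel, names in layout.items():
        folder = os.path.join(base, *rel.split("/"))
        os.makedirs(folder)
        for name in names:
            with open(os.path.join(folder, name), "wb"):
                pass  # empty placeholder file
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for directory, dll, triggers in find_planted_dlls(build_sample_tree(tmp)):
            print(f"{directory}: {dll} beside {', '.join(triggers)}")
```

A hit is a lead for review of that folder's contents and origin, not proof of compromise.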

Fix


Related Identifiers

CVE-2010-3397

Affected Products

Pgp Desktop