The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of PGP Desktop: privilege elevation

Synthesis of the vulnerability 

A local attacker can obtain System privileges via a vulnerability of PGP Desktop service.
Impacted products: PGP Desktop.
Severity of this bulletin: 2/4.
Creation date: 26/01/2007.
Références of this threat: BID-22247, CVE-2007-0603, VIGILANCE-VUL-6501, VU#102465.

Description of the vulnerability 

The PGPServ.exe/PGPsdkServ.exe service is installed by PGP Desktop. This service runs with System privileges. Local clients (PGP.dll/PGPsdk.dll) communicate with this service via the "\pipe\pgpserv"/"\pipe\pgpsdkserv" named pipe.

However, messages received by this service are not checked. A local attacker can for example use a RPC structure containing a pointer to a memory area where code to be executed is located.

This vulnerability therefore permits a local attacker to execute code with System privileges.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer weakness note impacts software or systems such as PGP Desktop.

Our Vigil@nce team determined that the severity of this security bulletin is medium.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with a expert ability can exploit this weakness announce.

Solutions for this threat 

PGP Desktop: version 9.5.1.
Version 9.5.1 is corrected:
  http://www.pgp.com/
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a networks vulnerabilities bulletin. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.