The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of PGP Desktop: two vulnerabilities

Synthesis of the vulnerability 

A local attacker can use two vulnerabilities of PGP Desktop in order to create a denial of service or to elevate his privileges.
Impacted products: PGP Desktop.
Severity of this bulletin: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/04/2009.
References of this threat: BID-34490, CVE-2009-0681, Positive Technologies SA 2009-01, PT-2009-01, VIGILANCE-VUL-8625.

Description of the vulnerability 

An IRP (I/O Request Packet) is used to communicate with a driver.

The PGP Desktop product installs several drivers under Windows. Two vulnerabilities impact these drivers.

The pgpdisk.sys driver does not check addresses indicated in the IRP, which leads to a denial of service. [severity:1/4; CVE-2009-0681]

The pgpwded.sys driver does not check addresses indicated in the IRP, which leads to a denial of service or to code execution. [severity:2/4]

A local attacker can therefore use two vulnerabilities of PGP Desktop in order to create a denial of service or to elevate his privileges.
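As an added illustration (not code from this bulletin, the vendor or the drivers), the following portable C model shows the kind of check whose absence is described above: every caller-supplied address is range-checked before any is dereferenced. The bulletin does not say which IRP fields are involved, so the request layout, the function names and the `USER_LIMIT` value are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed limit for this model: highest address user mode may hand over.
 * A Windows driver does not hard-code this; ProbeForRead/ProbeForWrite
 * compare against the kernel's own user/kernel boundary. */
#define USER_LIMIT 0x7FFF0000ULL

typedef enum { RANGE_OK, RANGE_MISALIGNED, RANGE_WRAPS, RANGE_NOT_USER } range_status;

/* Hypothetical request layout: two caller-supplied addresses, as a driver
 * would receive them in an IRP when buffers are passed by raw pointer. */
typedef struct {
    uint64_t in_addr;  uint64_t in_len;
    uint64_t out_addr; uint64_t out_len;
} model_request;

/* Range check only: says the span lies in user space, not that it is mapped.
 * Real drivers additionally guard the access itself (__try/__except). */
range_status check_user_range(uint64_t addr, uint64_t len, uint64_t align)
{
    if (len == 0)
        return RANGE_OK;                       /* nothing will be touched */
    if (align > 1 && (addr & (align - 1)) != 0)
        return RANGE_MISALIGNED;
    if (addr + len < addr)
        return RANGE_WRAPS;                    /* addr + len overflowed */
    if (addr + len > USER_LIMIT)
        return RANGE_NOT_USER;                 /* span reaches kernel space */
    return RANGE_OK;
}

/* Dispatch model: validate every address before any is dereferenced.
 * Returns 0 when the request may proceed, -1 when it must be failed. */
int validate_request(const model_request *req)
{
    if (req == NULL)
        return -1;
    if (check_user_range(req->in_addr, req->in_len, 1) != RANGE_OK)
        return -1;
    if (check_user_range(req->out_addr, req->out_len, 4) != RANGE_OK)
        return -1;
    return 0;
}
```

A request that fails validation is completed with an error status instead of being processed, which is what turns a crash or memory overwrite into a rejected call.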

This computer vulnerability bulletin impacts software or systems such as PGP Desktop.

Our Vigil@nce team determined that the severity of this vulnerability bulletin is medium.

The trust level is of type confirmed by the editor, with an origin of user shell.

This bulletin is about 2 vulnerabilities.

An attacker with expert ability can exploit this threat note.

Solutions for this threat 

PGP Desktop: version 9.10.
Version 9.10 is corrected:
  http://www.pgp.com/
  https://pgp.custhelp.com/cgi-bin/pgp.cfg/php/enduser/std_adp.php?p_faqid=1014&p_topview=1
