VDB
CVE-2007-0603
CVE-2007-0603
PUBLISHED
CVSS 7.099999904632568 HIGH
PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address.
EPSS 12.18% · 94.0th percentile
Risk Scores
CVSS 2.0
7.099999904632568
EPSS Score
12.18%
94.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| pgp | corporate_desktop | 9.5 |
| n/a | n/a | n/a |
Timeline
- Jan 30, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- 1017563 vdb
- 20070125 Medium Risk Vulnerability in PGP Desktop mailing-list
- 2203 third-party-advisory
- http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-pgp-desktop/ url
- 32970 vdb
- 22247 vdb
- 20070125 Medium Risk Vulnerability in PGP Desktop mailing-list
- 23938 third-party-advisory
- ADV-2007-0356 vdb
- 32969 vdb
- VU#102465 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2007-0603 advisory
- http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-pgp-desktop url