PGP ASCII Armor Parser Arbitrary Command Execution

2001-04-09T00:00:00
ID OSVDB:1782
Type osvdb
Reporter Chris Anley(dec0de@atstake.com)
Modified 2001-04-09T00:00:00

Description

Vulnerability Description

PGP contains a flaw that allows a remote attacker to potentially execute arbitrary code. The issue is due to the ASCII armor parser exctracting binary files which may contain .DLL files, which Windows operating systems can be tricked into executing. If an attacker sends a specially crafted armored attachment, this would allow them to execute arbitrary code or commands via the malicious DLL.

Technical Description

This vulnerability affects PGP on the following platforms: Windows 95, 98, Millennium, NT, Windows 2000

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, PGP Corporation has released a patch to address this vulnerability.

Short Description

PGP contains a flaw that allows a remote attacker to potentially execute arbitrary code. The issue is due to the ASCII armor parser exctracting binary files which may contain .DLL files, which Windows operating systems can be tricked into executing. If an attacker sends a specially crafted armored attachment, this would allow them to execute arbitrary code or commands via the malicious DLL.

References:

Vendor URL: http://www.pgp.com Other Advisory URL: http://www.atstake.com/research/advisories/2001/a040901-1.txt ISS X-Force ID: 6643 CVE-2001-0265 Bugtraq ID: 2556