4 matches found
CVE-2009-0681
PGP Desktop before 9.10 is affected by local DoS and code execution vulnerabilities in two IOCTL handlers. Specifically, pgpdisk.sys and pgpwded.sys fail to properly validate Irp/buffer data, allowing local attackers to crash the system or, for pgpwded.sys, crash or execute arbitrary code with SY...
CVE-2010-3397
CVE-2010-3397 affects Symantec PGP Desktop (versions including 9.9.0 build 397, 9.10.x, 10.0.0 build 2732 and likely others). Root cause is an untrusted search path vulnerability allowing DLL hijacking via tsp.dll or tvttsp.dll located in the same folder as credential/key files (.p12, .pem, .pgp,...
CVE-2008-5731
Summary of CVE-2008-5731 : The PGP Desktop product (PGPwded.sys and related IOCTL handling in pgpdisk.sys) is vulnerable to local DoS and potential privilege escalation. The issue arises from insufficient boundary checks on IRP data in certain METHOD_BUFFERED IOCTL requests, enabling memory overw...
CVE-2005-4151
The CVE-2005-4151 entry concerns the Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier. The issue is that the utility does not clear file slack space in the last cluster for a file, enabling local users to access previous contents of the disk. A...