{"cve": [{"lastseen": "2021-02-02T05:31:20", "description": "PGP Desktop before 9.5.1 does not validate data objects received over the (1) \\pipe\\pgpserv named pipe for PGPServ.exe or the (2) \\pipe\\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address.", "edition": 4, "cvss3": {}, "published": "2007-01-30T18:28:00", "title": "CVE-2007-0603", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.1, "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0603"], "modified": "2018-10-16T16:33:00", "cpe": ["cpe:/a:pgp:corporate_desktop:9.5"], "id": "CVE-2007-0603", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0603", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:pgp:corporate_desktop:9.5:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "cvelist": ["CVE-2007-0603"], "description": "# No description provided by the source\n\n## References:\nSecurity Tracker: 1017563\n[Secunia Advisory ID:23938](https://secuniaresearch.flexerasoftware.com/advisories/23938/)\n[Related OSVDB ID: 32970](https://vulners.com/osvdb/OSVDB:32970)\nOther Advisory URL: http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-pgp-desktop/\nMail List Post: http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0025.html\nFrSIRT Advisory: 
ADV-2007-0356\n[CVE-2007-0603](https://vulners.com/cve/CVE-2007-0603)\nCERT VU: 102465\nBugtraq ID: 22247\n", "edition": 1, "modified": "2007-01-25T05:19:04", "published": "2007-01-25T05:19:04", "href": "https://vulners.com/osvdb/OSVDB:32969", "id": "OSVDB:32969", "title": "PGP Desktop PGPsdkServ.exe Crafted Data Object Arbitrary Code Execution", "type": "osvdb", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "cvelist": ["CVE-2007-0603"], "description": "# No description provided by the source\n\n## References:\nSecurity Tracker: 1017563\n[Secunia Advisory ID:23938](https://secuniaresearch.flexerasoftware.com/advisories/23938/)\n[Related OSVDB ID: 32969](https://vulners.com/osvdb/OSVDB:32969)\nOther Advisory URL: http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-pgp-desktop/\nMail List Post: http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0025.html\nFrSIRT Advisory: ADV-2007-0356\n[CVE-2007-0603](https://vulners.com/cve/CVE-2007-0603)\nCERT VU: 102465\nBugtraq ID: 22247\n", "edition": 1, "modified": "2007-01-25T05:19:04", "published": "2007-01-25T05:19:04", "href": "https://vulners.com/osvdb/OSVDB:32970", "id": "OSVDB:32970", "title": "PGP Desktop PGPServ.exe Crafted Data Object Arbitrary Code Execution", "type": "osvdb", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2020-09-18T20:42:54", "bulletinFamily": "info", "cvelist": ["CVE-2007-0603"], "description": "### Overview \n\nPGP Desktop fails to properly validate objects passed into the PGP Desktop service. This vulnerability may allow a remote, authenticated attacker to execute arbitrary code.\n\n### Description \n\nPGP Desktop versions prior to 9.5.1 fail to properly validate objects passed into the PGP Desktop service (PGPServ.exe/PGPsdkServ.exe). 
This service is installed by PGP Desktop to transport objects and data between the PGP clients and the PGP Desktop service. The PGP Desktop service fails to properly validate user-supplied data. This may allow a remote, authenticated attacker to overwrite arbitrary memory. \n \n--- \n \n### Impact \n\nA remote, authenticated attacker may be able to execute arbitrary code, possibly with elevated privileges. \n \n--- \n \n### Solution \n\n**Upgrade**\n\nPGP has addressed this issue in [PGP version 9.5.1 ](<http://www.pgp.com/index.html>)and above. \n \n--- \n \n**Workarounds**\n\n \nPGP has provided the following workarounds: \n \n1\\. Turn off Windows Filesharing. This is the definitive way to eliminate the problem since disabling Windows Filesharing would prevent the attack. \n2\\. Use a third-party Personal Firewall, or the built-in Windows XP SP2 Firewall. Block foreign connections to your RPC/Filesharing services. \n \n--- \n \n### Vendor Information\n\n102465\n\n
### PGP Corporation __ Affected\n\nUpdated: January 31, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see PGP [FAQ 703](<https://pgp.custhelp.com/cgi-bin/pgp.cfg/php/enduser/std_adp.php?p_faqid=703>) for further information.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23102465 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <https://pgp.custhelp.com/cgi-bin/pgp.cfg/php/enduser/std_adp.php?p_faqid=703>\n * <http://secunia.com/advisories/23938/>\n * <http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-pgp-desktop/>\n * [http://www.itnews.com.au/newsstory.aspx?CIaNID=44982&src=site-marq](<http://www.itnews.com.au/newsstory.aspx?CIaNID=44982&src=site-marq>)\n * <http://www.vnunet.com/vnunet/news/2173564/flaw-found-pgp-encryption>\n\n### Acknowledgements\n\nThis vulnerability was reported by Peter Winter-Smith of NGSSoftware.\n\nThis document was written by Katie Steiner.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2007-0603](<http://web.nvd.nist.gov/vuln/detail/CVE-2007-0603>) \n---|--- \n**Severity Metric:** | 4.04 \n**Date Public:** | 2007-01-25 \n**Date First Published:** | 2007-01-31 \n**Date Last Updated: ** | 2007-02-12 09:15 UTC \n**Document Revision: ** | 25 \n", "modified": "2007-02-12T09:15:00", "published": "2007-01-31T00:00:00", "id": "VU:102465", "href": "https://www.kb.cert.org/vuls/id/102465", "type": "cert", "title": "PGP Desktop service fails to validate user supplied data", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-02-01T05:19:39", 
"description": "The version of PGP Desktop installed on the remote host reportedly can\nallow a remote, authenticated user to execute arbitrary code on the\naffected host with LOCAL SYSTEM privileges. The issue arises because\nthe software operates a service named 'PGPServ' or 'PGPsdkServ' that\nexposes a named pipe that fails to validate the object data passed to\nit.", "edition": 26, "published": "2007-01-26T00:00:00", "title": "PGP Desktop PGPserv Crafted Data Object Arbitrary Code Execution", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0603"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:pgp:desktop_for_windows", "cpe:/a:symantec:encryption_desktop"], "id": "PGP_DESKTOP_PGPSERV_PRIV_ESCALATION.NASL", "href": "https://www.tenable.com/plugins/nessus/24246", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24246);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\"CVE-2007-0603\");\n script_bugtraq_id(22247);\n\n script_name(english:\"PGP Desktop PGPserv Crafted Data Object Arbitrary Code Execution\");\n script_summary(english:\"Checks version of PGP Desktop\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application that is affected by a\nprivilege escalation issue.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of PGP Desktop installed on the remote host reportedly can\nallow a remote, authenticated user to execute arbitrary code on the\naffected host with LOCAL SYSTEM privileges. 
The issue arises because\nthe software operates a service named 'PGPServ' or 'PGPsdkServ' that\nexposes a named pipe that fails to validate the object data passed to\nit.\");\n # http://www.nccgroup.com/en/our-services/security-testing-audit-compliance/information-security-software/#.USPpevKnfkI\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eaff6760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/458137/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PGP Desktop version 9.5.2 or later, as the change log\nsuggests the issue has been addressed in that version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:pgp:desktop_for_windows\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:symantec:encryption_desktop\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"pgp_desktop_installed.nasl\");\n script_require_keys(\"SMB/symantec_encryption_desktop/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp = 'PGP Desktop';\nkb_base = \"SMB/symantec_encryption_desktop/\";\nport = kb_smb_transport();\n\nversion = 
get_kb_item_or_exit(kb_base + \"Version\");\npath = get_kb_item_or_exit(kb_base + \"Path\");\n\nfix = \"9.5.2.0\";\nif (ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}}]}