• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PGP Desktop Filename Buffer Overflow Vulnerability

It has been reported that PGP Corporate Desktop (and possibly other versions) are vulnerable to a stack overrun condition. The overflow occurs immediately after decryption of a malicious encrypted file. Exploitation may allow for attackers to execute code on recipient systems. Furthermore, the passphrase string in memory is not cleared when the overrun occurs. Shellcode could conceivably be written to obtain the passphrase and transmit it to the attacker.