PGP Desktop 10.0.x prior to 10.0.3 SP2 and 10.1.0 prior to 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote malicious users to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a "piggy-back" or "unsigned data injection" issue.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pgp desktop for windows |
||
pgp desktop for windows 10.0.0 |
||
pgp desktop for windows 10.0.1 |
||
pgp desktop for windows 10.0.2 |
||
pgp desktop for windows 10.0.3 |
||
pgp desktop for windows 10.1.0 |
||
pgp desktop for mac 10.1.0 |
||
pgp desktop for mac 10.0.1 |
||
pgp desktop for mac 10.0.2 |
||
pgp desktop for mac 10.0.3 |
||
pgp desktop for mac |
||
pgp desktop for mac 10.0.0 |