Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 22/11/2010 Updated: 17/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

PGP Desktop 10.0.x prior to 10.0.3 SP2 and 10.1.0 prior to 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote malicious users to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a "piggy-back" or "unsigned data injection" issue.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pgp desktop for windows
pgp desktop for windows 10.0.0
pgp desktop for windows 10.0.1
pgp desktop for windows 10.0.2
pgp desktop for windows 10.0.3
pgp desktop for windows 10.1.0
pgp desktop for mac 10.1.0
pgp desktop for mac 10.0.1
pgp desktop for mac 10.0.2
pgp desktop for mac 10.0.3
pgp desktop for mac
pgp desktop for mac 10.0.0

CWE-310 https://pgp.custhelp.com/app/answers/detail/a_id/2290 http://www.cs.ru.nl/E.Verheul/papers/Govcert/Pretty%20Good%20Piggybagging%20v1.0.pdf http://www.kb.cert.org/vuls/id/300785 http://secunia.com/advisories/42307 http://secunia.com/advisories/42293 http://www.securitytracker.com/id?1024760 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101118_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/63366 https://nvd.nist.gov https://www.kb.cert.org/vuls/id/300785

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-3618

Vulnerability Summary

References

Vulmon Search

About

Products

Connect