Windows PGP ASCII Armor Parser Vulnerability

Reported April 9, 2001, by @stake.

VERSION AFFECTED

  • Pretty Good Privacy 5.0 to 7.0.3 for Windows 2000, Windows NT, Windows Millennium (Me), and Windows 9x

DESCRIPTION 

Using Pretty Good Privacy (PGP) versions 5.0 to 7.0.3 of Windows 2000, Windows NT, Windows Millennium (Me),and Windows 9x, a malicious attacker can wrap a specially formed ASCII armored file around a file with arbitrary name and contents. After parsing the armored file by using PGP, the attacker can extract the binary file. Because of the way that Windows OSs load the .dll files, if the extracted file is a .dll file, the intruder can trick several applications into loading the .dll files and executing potentially malicious code. Users can obtain a more detailed advisory from the @stake Web site.

VENDOR RESPONSE

 

The vendor, Network Associates, Inc. (NAI), has released several patches to correct this vulnerability:

 

PGP Desktop Security 7.0.4 Hotfix 1

PGPfreeware 7.0.3 Hotfix 1

 

CREDIT

Discovered by Chris Anley of @stake.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish