Reported April 9, 2001, by @stake.
Pretty Good Privacy 5.0 to 7.0.3 for Windows 2000, Windows NT, Windows Millennium (Me), and Windows 9x
Using Pretty Good Privacy (PGP) versions 5.0 to 7.0.3 of Windows 2000, Windows NT, Windows Millennium (Me),and Windows 9x, a malicious attacker can wrap a specially formed ASCII armored file around a file with arbitrary name and contents. After parsing the armored file by using PGP, the attacker can extract the binary file. Because of the way that Windows OSs load the .dll files, if the extracted file is a .dll file, the intruder can trick several applications into loading the .dll files and executing potentially malicious code. Users can obtain a more detailed advisory from the @stake Web site.
The vendor, Network Associates, Inc. (NAI), has released several patches to correct this vulnerability:
Discovered by Chris Anley of @stake.