Internet threat level: 1
Home→Descriptions→SA41135
PGP Desktop Insecure Library Loading Vulnerability
| Secunia ID | |
| CVE-ID | |
| Release Date |
02 Sep 2010 |
| Last Change |
17 Sep 2010 |
| Criticality | |
| Solution Status |
Unpatched |
| Software |
PGP Desktop 10.x |
| Where | |
| Impact |
System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description |
A vulnerability has been discovered in PGP Desktop, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. tvttsp.dll, tsp.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a PGP file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in versions 9.9.0 Build 397 and 10.0.0 Build 2732. Other versions may also be affected. |
| Solution |
Do not open untrusted files. |
| Reported by |
Reported by an unknown person. |
| Original Advisory |
http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/ |
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.