|
Family: Windows --> Category: infos
PGP Desktop PGPserv Arbitrary Code Execution Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks version of PGP Desktop
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote Windows host has an application that is affected by a
privilege escalation issue.
Description :
The version of PGP Desktop installed on the remote host reportedly can
allow a remote authenticated user to execute arbitrary code on the
affected host with LOCAL SYSTEM rights. The issue arises because
the software operates a service named 'PGPServ' or 'PGPsdkServ' that
exposes a named pipe that fails to validate the object data passed to
it.
See also :
http://www.nessus.org/u?eaff6760
http://www.securityfocus.com/archive/1/458137/30/0/threaded
Solution :
Upgrade to PGP Desktop version 9.5.2 or later, as the change log suggests
the issue has been addressed in that version.
Threat Level:
Medium / CVSS Base Score : 4.8
(AV:R/AC:H/Au:R/C:C/I:C/A:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|