Newsletter:

Skip Navigation LinksHome > News > Security > Flaw found in PGP Desktop encryption tool

Site Map |

Flaw found in PGP Desktop encryption tool

By Iain Thomson
29 January 2007 09:54AM
Tags: flaw | pgp | desktop | encryption | tool

Users urged to upgrade to block intrusion.

Users of the popular PGP Desktop encryption tool are being urged to upgrade to the latest version of the software after the discovery of a flaw in the code.

The flaw exists in the Windows Service which PGP Desktop installs, and could be used by any local or remote user to run code with escalated privileges.

Vulnerability testers NGS Software rated the flaw as a 'medium risk' and said that it affects versions of the software earlier than PGP Desktop 9.5.1.

"The vulnerability occurs because the code responsible for processing the objects passed over the interface to the service does not perform any kind of validation on these objects," said Peter Winter-Smith of NGS Software.

"Instead it trusts that the object data is completely safe in the form that it is received, i.e. absolute pointers are trusted without validation."

The company does not yet have a workaround and is urging all PGP Desktop users to upgrade as a matter of urgency.

Copyright © 2008 vnunet.com

   


Ads by Google


Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 


 
Tripwire - Click here to win an iTouch



Tags

attackers crack critical desktop encryption flaw google hits ibm linux microsoft open patches releases security tool virtualisation warns web windows


Product Reviews

AdventNet ManageEngine
Star Rating
The AdventNet Manage-Engine Password Manager Pro provides a complete system for password management in one...
Cyber-Ark Software Enterprise Password Vault
Star Rating
The Cyber-Ark Enterprise Password Vault, or EPV, is a high-end password management powerhouse.
Hitachi ID Systems ID-Archive
Star Rating
The Hitachi ID-Archive sets its focus on password randomisation.
Lieberman Software Enterprise Random PM
Star Rating
The Lieberman Software Enterprise Random Pass­word Manager is a full-on password manager and randomiser for...
Proginet Corporation SecurForce
Star Rating
Proginet SecurForce is a little bit of a horse of a different color for this month's Group Test.
Unified Communications Podcast Centre

TopTopics
(6649) -  internet
(6417) -  iinet
(6392) -  copyright
(6392) -  afact
(5990) -  servers
(5990) -  mipi
(4809) -  telstra
(4499) -  broadband
(4441) -  nbn
(2945) -  internode
(2484) -  microsoft
(1885) -  network
(1473) -  data
(1412) -  software
(1365) -  google