Vulnerability Assessment & Network Security Forums



If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.



Vulnerability Assessment Details

PGP Desktop PGPserv Arbitrary Code Execution Vulnerability

Vulnerability Assessment Summary
Checks version of PGP Desktop

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote Windows host has an application that is affected by a
privilege escalation issue.

Description :

The version of PGP Desktop installed on the remote host reportedly can
permit a remote authenticated user to execute arbitrary code on the
affected host with LOCAL SYSTEM rights. The issue arises because
the software operates a service named 'PGPServ' or 'PGPsdkServ' that
exposes a named pipe that fails to validate the object data passed to
it.

See also :

http://www.nessus.org/u?eaff6760
http://www.securityfocus.com/archive/1/458137/30/0/threaded

Solution :

Upgrade to PGP Desktop version 9.5.2 or later, as the change log suggests
the issue has been addressed in that version.

Network Security Threat Level:

Medium / CVSS Base Score : 4.8
(AV:R/AC:H/Au:R/C:C/I:C/A:C/B:N)

Networks Security ID: 22247

Vulnerability Assessment Copyright: This script is Copyright (C) 2007 Tenable Network Security
