CVE-2009-0681

EUVD-2009-0681
PGP Desktop before 9.10 allows local users to (1) cause a denial of service (crash) via a crafted IOCTL request to pgpdisk.sys, and (2) cause a denial of service (crash) and execute arbitrary code via a crafted IRP in an IOCTL request to pgpwded.sys.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
pgpdesktop
𝑥
≤ 9.9.0
pgpdesktop
𝑥
≤ 9.9.0
pgpdesktop
8.0
pgpdesktop
8.0
pgpdesktop
9.0
pgpdesktop
9.0
pgpdesktop
9.0.6
pgpdesktop
9.0.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://en.securitylab.ru/lab/PT-2009-01
http://www.securityfocus.com/archive/1/502633/100/0/threaded
http://www.securitytracker.com/id?1022034
https://pgp.custhelp.com/cgi-bin/pgp.cfg/php/enduser/std_adp.php?p_faqid=1014&p_topview=1
http://en.securitylab.ru/lab/PT-2009-01
http://www.securityfocus.com/archive/1/502633/100/0/threaded
http://www.securitytracker.com/id?1022034
https://pgp.custhelp.com/cgi-bin/pgp.cfg/php/enduser/std_adp.php?p_faqid=1014&p_topview=1