CVE-2008-5731 - The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.

CVE-2008-5731

Summary

The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.0 build 397 allows local users to cause a denial of service (system crash) and possibly gain privileges via a certain METHOD_BUFFERED IOCTL request that overwrites portions of memory, related to a "Driver Collapse." NOTE: some of these details are obtained from third party information.

References

Vulnerable Configurations

cpe:2.3:a:pgp:desktop:9.0.6:*:*:*:*:*:*:*
cpe:2.3:a:pgp:desktop:9.0.6:*:*:*:*:*:*:*
cpe:2.3:a:pgp:desktop:9.9.0:*:*:*:*:*:*:*
cpe:2.3:a:pgp:desktop:9.9.0:*:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 11-10-2018 - 20:56)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	32991
bugtraq	20081223 PGP Desktop 9.0.6 Denial Of Service - ZeroDay
exploit-db	7556
misc	http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service.php http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service_POC.php
osvdb	50914
sectrack	1021493
secunia	33310
sreason	4811

Last major update

11-10-2018 - 20:56

Published

26-12-2008 - 17:30

Last modified

11-10-2018 - 20:56