QwikSec

Security Database

CVE

CWE

Training

CVE-2010-3618

Published: Nov 20, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a "piggy-back" or "unsigned data injection" issue.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_SECTRACK

third-party-advisory

x_refsource_SECUNIA

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101118_00

x_refsource_CONFIRM

http://www.cs.ru.nl/E.Verheul/papers/Govcert/Pretty%20Good%20Piggybagging%20v1.0.pdf

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

pgpdesktop-openpgp-security-bypass(63366)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_CERT-VN

https://pgp.custhelp.com/app/answers/detail/a_id/2290

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.