Release date:
Updated on:
Affected Systems:
Symantec PGP Desktop 10.2.0 Build 2599
Description:
--------------------------------------------------------------------------------
Symantec PGP Desktop is a powerful encryption software that provides encryption functions such as files, folders, emails, and instant messaging.
The kernel driver pgpwded. sys included with Symantec PGP Desktop has an arbitrary memory overwrite vulnerability when processing IOCTL 0x80022058. Attackers can exploit this vulnerability to execute arbitrary code in the kernel.
Affected file: pgpwded. sys v10.2.0.2599
<* Source: unknown
Link: http://pastebin.com/pEBSjsmC
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Symantec
--------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.symantec.com/business/security_response/