{"vuid":"VU#821139","idnumber":"821139","name":"Network Associates PGP Outlook Plug-in contains buffer overflow in decoding mechanism","keywords":["Network Associates","NAI","Pretty Good Privacy","PGP","Plug-in","buffer overflow","decoding mechanism","remotely exploitable"],"overview":"A remotely exploitable buffer overflow exists in the Network Associates PGP Outlook Plug-in.","clean_desc":"As reported in eEye Digital Security Advisory AD20020710, a remotely exploitable buffer overflow exists in the PGP Outlook Plug-in. By sending a specially crafted message to a victim, an attacker can execute arbitrary code on the target system.","impact":"A remote attacker can execute arbitrary code on the target system with the privileges of the user running the PGP Outlook Plug-in. As a result, the attacker could do anything the victim could do, including reading sensitive data on the vulnerable system.","resolution":"Apply the patch.","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered by eEye Digital Security.","author":"This document was written by Ian A Finlay.","public":["http://www.nai.com/naicommon/download/upgrade/patches/patch-pgphotfix.asp","http://www.eeye.com/html/Research/Advisories/AD20020710.html","http://www.theregister.co.uk/content/4/26145.html"],"cveids":["CVE-2002-0685"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-07-11T15:58:36Z","publicdate":"2002-07-10T00:00:00Z","datefirstpublished":"2002-07-11T17:28:25Z","dateupdated":"2002-07-11T17:29:54Z","revision":15,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"10","cam_internetinfrastructure":"3","cam_population":"5","cam_impact":"20","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"21","cam_scorecurrentwidelyknown":"24.75","cam_scorecurrentwidelyknownexploited":"32.25","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":21.0,"vulnote":null}