Peter Winter-Smith of NGSSoftware has discovered a medium risk vulnerability in PGP Desktop which can allow a remote authenticated attacker to execute arbitrary code on a system on which PGP Desktop is installed.
The vulnerability resides within the Windows Service which PGP Desktop installs (which operates under the Local System account), and as such it may be used by any local or remote user (who must be a member of at least the Everyone/ANONYMOUS LOGON groups) to run code with escalated privileges. NGSSoftware have not been able to exploit this issue in the context of a NULL session.
No comments:
Post a Comment