2 results (0.011 seconds)

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message. • http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=528 http://www.securityfocus.com/bid/3825 https://exchange.xforce.ibmcloud.com/vulnerabilities/7900 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. • http://www.ciac.org/ciac/bulletins/m-034.shtml http://www.iss.net/security_center/static/7953.php http://www.securityfocus.com/archive/1/251565 http://www.securityfocus.com/bid/3912 http://www.seifried.org/security/advisories/kssa-003.html • CWE-459: Incomplete Cleanup •