CVE-2008-5731

PGP Desktop 9.0.6 - 'PGPwded.sys' Local Denial of Service

Severity Score

4.9

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.0 build 397 allows local users to cause a denial of service (system crash) and possibly gain privileges via a certain METHOD_BUFFERED IOCTL request that overwrites portions of memory, related to a "Driver Collapse." NOTE: some of these details are obtained from third party information.

El driver del dispositivo GPwded (también conocido como PGPwded.sys) en PGP Corporation PGP Desktop 9.0.6 versión 6060 y 9.9.0 versión 397 permite a usuarios locales provocar una denegación de servicio (caída del sistema) y posiblemente obtener privilegios mediante una cierta petición METHOD_BUFFERED IOCTL que sobrescribe porciones de memoria, relacionado con una "caída del driver". NOTA: algunos de estos detalles se han obtenido de información de terceros.

*Credits: N/A

CVSS Scores

NISTv2 4.9

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-12-26 CVE Reserved
2008-12-26 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
2024-08-07 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-399: Resource Management Errors

CAPEC

References (9)

URL	Tag	Source
http://osvdb.org/50914	Vdb Entry
http://securityreason.com/securityalert/4811	Third Party Advisory
http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service.php	X_refsource_misc
http://www.securityfocus.com/archive/1/499572/100/0/threaded	Mailing List
http://www.securitytracker.com/id?1021493	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/7556	2024-08-07
http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service_POC.php	2024-08-07
http://www.securityfocus.com/bid/32991	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/33310	2018-10-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Pgp Search vendor "Pgp"		Desktop Search vendor "Pgp" for product "Desktop"				9.0.6 Search vendor "Pgp" for product "Desktop" and version "9.0.6"		-		Affected
Pgp Search vendor "Pgp"		Desktop Search vendor "Pgp" for product "Desktop"				9.9.0 Search vendor "Pgp" for product "Desktop" and version "9.9.0"		-		Affected