CVE-2010-3618

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a "piggy-back" or "unsigned data injection" issue.

PGP Desktop v10.0.x anterior a v10.0.3 SP2 y v10.1.0 anterior a v10.1.0 SP1 no implementa adecuadamente la funcionalidad "Descifrar/Verificar archivo a través de Clic-Derecho" para mensajes OpenPGP multi-empaquetados que representan entradas multi-mensaje, lo que premite a atacantes remotos falsear datos firmados concatenando un mensaje adicional al final del mensaje firmado legitimamente, relacionado con un fallo "piggy-back" o "inyección de datos sin firmar".

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-09-27 CVE Reserved
2010-11-20 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-310: Cryptographic Issues

CAPEC

References (8)

URL	Tag	Source
http://secunia.com/advisories/42293	Third Party Advisory
http://secunia.com/advisories/42307	Third Party Advisory
http://www.kb.cert.org/vuls/id/300785	Third Party Advisory
http://www.securitytracker.com/id?1024760	Vdb Entry
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101118_00	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/63366	Vdb Entry

URL	Date	SRC
http://www.cs.ru.nl/E.Verheul/papers/Govcert/Pretty%20Good%20Piggybagging%20v1.0.pdf	2024-08-07

URL	Date	SRC

URL	Date	SRC
https://pgp.custhelp.com/app/answers/detail/a_id/2290	2017-08-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Pgp Search vendor "Pgp"		Desktop For Windows Search vendor "Pgp" for product "Desktop For Windows"				<= 10.0.3 Search vendor "Pgp" for product "Desktop For Windows" and version " <= 10.0.3"		sp1		Affected
Pgp Search vendor "Pgp"		Desktop For Windows Search vendor "Pgp" for product "Desktop For Windows"				10.0.0 Search vendor "Pgp" for product "Desktop For Windows" and version "10.0.0"		-		Affected
Pgp Search vendor "Pgp"		Desktop For Windows Search vendor "Pgp" for product "Desktop For Windows"				10.0.1 Search vendor "Pgp" for product "Desktop For Windows" and version "10.0.1"		-		Affected
Pgp Search vendor "Pgp"		Desktop For Windows Search vendor "Pgp" for product "Desktop For Windows"				10.0.2 Search vendor "Pgp" for product "Desktop For Windows" and version "10.0.2"		-		Affected
Pgp Search vendor "Pgp"		Desktop For Windows Search vendor "Pgp" for product "Desktop For Windows"				10.0.3 Search vendor "Pgp" for product "Desktop For Windows" and version "10.0.3"		-		Affected
Pgp Search vendor "Pgp"		Desktop For Windows Search vendor "Pgp" for product "Desktop For Windows"				10.1.0 Search vendor "Pgp" for product "Desktop For Windows" and version "10.1.0"		-		Affected
Pgp Search vendor "Pgp"		Desktop For Mac Search vendor "Pgp" for product "Desktop For Mac"				<= 10.0.3 Search vendor "Pgp" for product "Desktop For Mac" and version " <= 10.0.3"		sp1		Affected
Pgp Search vendor "Pgp"		Desktop For Mac Search vendor "Pgp" for product "Desktop For Mac"				10.0.0 Search vendor "Pgp" for product "Desktop For Mac" and version "10.0.0"		-		Affected
Pgp Search vendor "Pgp"		Desktop For Mac Search vendor "Pgp" for product "Desktop For Mac"				10.0.1 Search vendor "Pgp" for product "Desktop For Mac" and version "10.0.1"		-		Affected
Pgp Search vendor "Pgp"		Desktop For Mac Search vendor "Pgp" for product "Desktop For Mac"				10.0.2 Search vendor "Pgp" for product "Desktop For Mac" and version "10.0.2"		-		Affected
Pgp Search vendor "Pgp"		Desktop For Mac Search vendor "Pgp" for product "Desktop For Mac"				10.0.3 Search vendor "Pgp" for product "Desktop For Mac" and version "10.0.3"		-		Affected
Pgp Search vendor "Pgp"		Desktop For Mac Search vendor "Pgp" for product "Desktop For Mac"				10.1.0 Search vendor "Pgp" for product "Desktop For Mac" and version "10.1.0"		-		Affected