Network Associates' PGP Desktop Security 7.0.4, PGP Personal Security 7.0.3, and PGP Freeware 7.0.3 contain a flaw that could let attackers take control of systems, according to eEye Digital Security.

InformationWeek Staff, Contributor

July 11, 2002

1 Min Read

Users of Network Associates' PGP Desktop Security 7.0.4, Users of Network Associates' PGP Desktop Security 7.0.4, PGP Personal Security 7.0.3, and PGP Freeware 7.0.3 are being warned that the popular encryption software contains a serious security vulnerability that could let attackers take control of their systems, and even compromise secure communications if the attacker installs keystroke-logging software as part of the attack.

The flaw doesn't affect the PGP, Pretty Good Privacy, encryption software itself but rather the PGP plug-in for Microsoft Outlook E-mail used to encrypt sensitive E-mail messages, according to eEye Digital Security.

PGP is widely available for download on the Web as freeware and is used by law-enforcement and U.S. intelligence agencies.

Outlook users who merely select a malicious E-mail containing carefully crafted code could find their systems hacked, eEye says. "This can lead to the compromise of the target's machine, as well as their PGP-encrypted communications," according to eEye's advisory.

Network Associates has made a patch available for download at http://www.nai.com/naicommon/download/upgrade/patches/patch-pgphotfix.asp.

According to the advisory, PGP Corporate Desktop users aren't affected.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights