Today I’ve released an Advisory for PGP Desktop 9.0.6,
PGP Desktop 9.0.6 Denial Of Service Vulnerability.
PGP Desktop 9.0.6 [Build 6060] (other version could be affected)
Release Date. 23 December ,2008
PGP Desktop ‘s PGPweded.sys Driver does not sanitize user supplied input (IOCTL) and this lead to a Driver Collapse that propagates on the system with a BSOD. Affected IOCTL is 0x80022038.
Proof Of Concept can be downloaded HERE
Giuseppe ‘Evilcry’ Bonfa’