PGP Desktop 9.0.6 Denial Of Service Vulnerability

Hi,

Today I’ve released an Advisory for PGP Desktop 9.0.6,

Advisory:
PGP Desktop 9.0.6 Denial Of Service Vulnerability.

Version Affected:
PGP Desktop 9.0.6 [Build 6060] (other version could be affected)

Component Affected:
PGPwded.sys

Release Date:
Release Date. 23 December ,2008

Description:
PGP Desktop ‘s PGPweded.sys Driver does not sanitize user supplied input (IOCTL) and this lead to a Driver Collapse that propagates on the system with a BSOD. Affected IOCTL is 0x80022038.

Proof Of Concept can be downloaded HERE

Regards,

Giuseppe ‘Evilcry’ Bonfa’

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: