PGP Desktop 9.0.6 Denial Of Service Vulnerability

December 23, 2008

Hi,

Today I’ve released an advisory for PGP Desktop 9.0.6.

Advisory:
PGP Desktop 9.0.6 Denial Of Service Vulnerability.

Version Affected:
PGP Desktop 9.0.6 [Build 6060] (other versions could be affected)

Component Affected:
PGPwded.sys

Release Date:
23 December, 2008

Description:
PGP Desktop’s PGPwded.sys driver does not sanitize user-supplied input (IOCTL), and this leads to a driver crash that propagates to the system as a BSOD. The affected IOCTL is 0x80022038.
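For triage, the following added example (not part of the original advisory or of PGP's code) decodes the advisory's IOCTL value into its Windows CTL_CODE fields and shows the kind of length check a handler for a buffered IOCTL needs before it touches caller data. The `example_request` layout and `validate_request` are hypothetical; the real input format of PGPwded.sys is not given on this page.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Windows CTL_CODE packing:
   DeviceType[31:16] | Access[15:14] | Function[13:2] | Method[1:0] */
typedef struct {
    uint16_t device_type;
    uint8_t  access;   /* 0 = FILE_ANY_ACCESS, 1 = read, 2 = write */
    uint16_t function;
    uint8_t  method;   /* 0 = METHOD_BUFFERED ... 3 = METHOD_NEITHER */
} ioctl_fields;

ioctl_fields decode_ioctl(uint32_t code)
{
    ioctl_fields f;
    f.device_type = (uint16_t)(code >> 16);
    f.access      = (uint8_t)((code >> 14) & 0x3);
    f.function    = (uint16_t)((code >> 2) & 0xFFF);
    f.method      = (uint8_t)(code & 0x3);
    return f;
}

/* Hypothetical request layout, used only to illustrate the checks. */
typedef struct {
    uint32_t payload_len;   /* length claimed by the caller */
    uint8_t  payload[64];
} example_request;

/* Copies a caller buffer into *out only if every length is consistent.
   Returns 0 when accepted, -1 when rejected. */
int validate_request(const void *buf, size_t in_len, example_request *out)
{
    uint32_t n;
    if (buf == NULL || out == NULL) return -1;
    if (in_len < sizeof n) return -1;               /* header must be present */
    memcpy(&n, buf, sizeof n);
    if (n > sizeof out->payload) return -1;         /* claimed length too large */
    if (in_len - sizeof n < n) return -1;           /* claim exceeds real buffer */
    out->payload_len = n;
    memcpy(out->payload, (const uint8_t *)buf + sizeof n, n);
    return 0;
}
```

Decoded, 0x80022038 is device type 0x8002, function 0x80E, METHOD_BUFFERED, FILE_ANY_ACCESS, so the I/O manager does not require read or write access on the handle used to send it.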

Proof Of Concept can be downloaded HERE

Regards,

Giuseppe ‘Evilcry’ Bonfa’