Unrated severityNVD Advisory· Published Jan 30, 2007· Updated Apr 23, 2026

CVE-2007-0603

Description

PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address.

Affected products

PGP Corporation/Corporate Desktop
cpe:2.3:a:pgp:corporate_desktop:9.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/23938nvdVendor Advisory
www.ngssoftware.com/advisories/medium-risk-vulnerability-in-pgp-desktop/nvdVendor Advisory
www.kb.cert.org/vuls/id/102465nvdUS Government Resource
archives.neohapsis.com/archives/vulnwatch/2007-q1/0025.htmlnvd
osvdb.org/32969nvd
osvdb.org/32970nvd
securityreason.com/securityalert/2203nvd
securitytracker.com/idnvd
www.securityfocus.com/archive/1/458137/100/0/threadednvd
www.securityfocus.com/bid/22247nvd
www.vupen.com/english/advisories/2007/0356nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.010
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000