Unrated severityNVD Advisory· Published Nov 22, 2010· Updated Apr 29, 2026
CVE-2010-3618
CVE-2010-3618
Description
PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a "piggy-back" or "unsigned data injection" issue.
Affected products
12cpe:2.3:a:pgp:desktop_for_mac:10.0.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:pgp:desktop_for_mac:10.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:pgp:desktop_for_mac:10.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:pgp:desktop_for_mac:10.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:pgp:desktop_for_mac:10.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:pgp:desktop_for_mac:10.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:pgp:desktop_for_mac:*:sp1:*:*:*:*:*:*range: <=10.0.3
cpe:2.3:a:pgp:desktop_for_windows:10.0.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:pgp:desktop_for_windows:10.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:pgp:desktop_for_windows:10.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:pgp:desktop_for_windows:10.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:pgp:desktop_for_windows:10.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:pgp:desktop_for_windows:10.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:pgp:desktop_for_windows:*:sp1:*:*:*:*:*:*range: <=10.0.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.cs.ru.nl/E.Verheul/papers/Govcert/Pretty%20Good%20Piggybagging%20v1.0.pdfnvdExploit
- pgp.custhelp.com/app/answers/detail/a_id/2290nvdVendor Advisory
- www.kb.cert.org/vuls/id/300785nvdUS Government Resource
- secunia.com/advisories/42293nvd
- secunia.com/advisories/42307nvd
- www.securitytracker.com/idnvd
- www.symantec.com/security_response/securityupdates/detail.jspnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/63366nvd
News mentions
0No linked articles in our index yet.