CVE-2001-0265

Windows PGP <7.0.3 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0265. PoCs published by Chris Anley.

AI-analyzed exploit summary The exploit describes a flaw in PGP's ASCII Armor decoder that allows an attacker to create arbitrary files on a user's system when a maliciously crafted .sig file is opened for verification. The vulnerability stems from improper handling of the decoded content, enabling file creation with attacker-controlled data.

Description

ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers to create files in arbitrary locations via a malformed ASCII armored file.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Chris Anley · textremotemultiple
https://www.exploit-db.com/exploits/20738

The exploit describes a flaw in PGP's ASCII Armor decoder that allows an attacker to create arbitrary files on a user's system when a maliciously crafted .sig file is opened for verification. The vulnerability stems from improper handling of the decoded content, enabling file creation with attacker-controlled data.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: PGP (Pretty Good Privacy) with ASCII Armor decoder
No auth needed
Prerequisites: Victim must open a maliciously crafted .sig file in PGP for verification
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2556
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/1782
Patch, Vendor Advisory vendor-advisory x_refsource_atstake
http://www.atstake.com/research/advisories/2001/a040901-1.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6643

Scores

EPSS 0.0072
EPSS Percentile 49.3%

Details

Status published
Products (2)
pgp/pgp 5
pgp/pgp < 7.0.3
Published Jun 18, 2001
Tracked Since Feb 18, 2026