CVE-2002-0788

MEDIUM

PGP 7.0.3 - Info Disclosure

Title source: llm

Description

An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information.

References (5)

[Broken Link, Patch, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2002-05/0052.html

[Third Party Advisory] http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1/hotfix/ReadMe.txt

[Broken Link, Patch, Vendor Advisory] http://www.iss.net/security_center/static/9044.php

[Broken Link] http://www.osvdb.org/4363

[Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/4702

Scores

CVSS v3 5.5

EPSS 0.0015

EPSS Percentile 35.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-459

Status draft

Affected Products (3)

pgp/corporate_desktop

pgp/freeware

pgp/personal_security

Timeline

Published Aug 12, 2002

Tracked Since Feb 18, 2026