CVE-2002-0788

MEDIUM

PGP 7.0.3 - Info Disclosure

Title source: llm

Description

An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information.

References (5)

[Third Party Advisory] http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1/hotfix/ReadMe.txt

[Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/4702

[Broken Link] http://www.osvdb.org/4363

[Broken Link, Patch, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2002-05/0052.html

[Broken Link, Patch, Vendor Advisory] http://www.iss.net/security_center/static/9044.php

Scores

CVSS v3 5.5

EPSS 0.0015

EPSS Percentile 35.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-459

Status published

Products (3)

pgp/corporate_desktop 7.1

pgp/freeware 7.0.3

pgp/personal_security 7.0.3

Published Aug 12, 2002

Tracked Since Feb 18, 2026