CVE-2002-1696

MEDIUM

PGP Personal Privacy - Cleartext Storage

Title source: rule

Description

Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message.

References (3)

[Broken Link] http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=528

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/3825

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/7900

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 19.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-312

Status draft

Affected Products (3)

pgp/personal_privacy

pgp/personal_privacy

pgp/personal_privacy

Timeline

Published Dec 31, 2002

Tracked Since Feb 18, 2026