CVE-2009-0681

PGP Desktop < 9.10 - Denial of Service and Arbitrary Code Execution via IOCTL Requests

Title source: llm
STIX 2.1

Description

PGP Desktop before 9.10 allows local users to (1) cause a denial of service (crash) via a crafted IOCTL request to pgpdisk.sys, and (2) cause a denial of service (crash) and execute arbitrary code via a crafted IRP in an IOCTL request to pgpwded.sys.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/502633/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022034

Scores

EPSS 0.0042
EPSS Percentile 34.1%

Details

CWE
CWE-20
Status published
Products (4)
pgp/desktop 8.0 (2 CPE variants)
pgp/desktop 9.0 (2 CPE variants)
pgp/desktop 9.0.6 (2 CPE variants)
pgp/desktop < 9.9.0 (2 CPE variants)
Published Apr 15, 2009
Tracked Since Feb 18, 2026