CVE-2009-0681
PGP Desktop < 9.10 - Denial of Service and Arbitrary Code Execution via IOCTL Requests
Title source: llmDescription
PGP Desktop before 9.10 allows local users to (1) cause a denial of service (crash) via a crafted IOCTL request to pgpdisk.sys, and (2) cause a denial of service (crash) and execute arbitrary code via a crafted IRP in an IOCTL request to pgpwded.sys.
References (4)
Core 4
Core References
Patch x_refsource_misc
http://en.securitylab.ru/lab/PT-2009-01
Vendor Advisory x_refsource_misc
https://pgp.custhelp.com/cgi-bin/pgp.cfg/php/enduser/std_adp.php?p_faqid=1014&p_topview=1
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/502633/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022034
Scores
EPSS
0.0042
EPSS Percentile
34.1%
Details
CWE
CWE-20
Status
published
Products (4)
pgp/desktop
8.0 (2 CPE variants)
pgp/desktop
9.0 (2 CPE variants)
pgp/desktop
9.0.6 (2 CPE variants)
pgp/desktop
< 9.9.0 (2 CPE variants)
Published
Apr 15, 2009
Tracked Since
Feb 18, 2026