CVE-2009-0681 Information

Description

PGP Desktop before 9.10 allows local users to (1) cause a denial of service (crash) via a crafted IOCTL request to pgpdisk.sys and (2) cause a denial of service (crash) and execute arbitrary code via a crafted IRP in an IOCTL request to pgpwded.sys.

Reference

http://en.securitylab.ru/lab/PT-2009-01 http://www.securityfocus.com/archive/1/502633/100/0/threaded http://www.securitytracker.com/id?1022034 https://pgp.custhelp.com/cgi-bin/pgp.cfg/php/enduser/std_adp.php?p_faqid=1014&p_topview=1