PGP Outlook Encryption Plug-in Vulnerability

eEye staffers Marc Maiffret and Riley Hassell, were again busy on finding the bugs, so a new advisory hit the “streets” today. This time, there is a remote vulnerability in NAI PGP Outlook plug-in which is included in these products: NAI PGP Desktop Security 7.0.4, NAI PGP Personal Security 7.0.3 and NAI PGP Freeware 7.0.3. eEye’s information on the vulnerability can be found below (just an overview of the problem, for full advisory click the link below.

Title: Remote PGP Outlook Encryption Plug-in Vulnerability
Link:
A vulnerability in the NAI PGP Outlook plug-in can be exploited to remotely execute code on any system that uses the NAI PGP Outlook plug-ins. By sending a carefully crafted email, the message decoding functionality can be manipulated to overwrite various heap structures pertinent to the PGP plug-in.

This vulnerability can be exploited by the Outlook user simply selecting a “malicious” email, the opening of an attachment is not required. When the attack is performed against a target system, malicious code will be executed within the context of the user receiving the email. This can lead to the compromise of the target’s machine, as well as their PGP encrypted communications. Also, it should be noted that because of the nature of the SMTP protocol this vulnerability can be exploited anonymously.

Network Associates released a hotfix for this problem:

File: PGPOutlookPluginHotfix_20020710.zip
Size: 90 kb
Platform: Windows 95, 98, ME, NT, 2000, XP
Version: 7.0.3/7.0.4
Date: 07/10/02
Release note:The PGP plug-in for Microsoft Exchange/Outlook can experience a buffer overflow when processing e-mail. This vulnerability makes it theoretically possible for a third party to run malicious code on the affected system. (Note: This issue does not affect PGP Corporate Desktop users.) This hotfix fixes the buffer overflow problem, and removes the potential vulnerability.
Link: http://www.nai.com/naicommon/download/upgrade/patches/patch-pgphotfix.asp