Home > Company > News > 2002 Archives > PR20020710
News
eEye Digital Security Finds Major Vulnerability in Microsoft Windows Systems With NAI PGP Outlook Plug-In Enabled

(ALISO VIEJO, CA) July 10, 2002 — For further information and a technical description of the advisory please visit:
http://www.eeye.com/html/Research/Advisories/AD20020710.html

eEye Digital Security has discovered a critical security vulnerability in all Microsoft Windows systems with the NAI PGP Outlook plug-in enabled. A vulnerability in the NAI PGP Outlook plug-in can be exploited to execute attacker-supplied code on the target's computer. The vulnerability exists as a heap overflow in the interpretation and handling of the malformed email.

The PGP vulnerability enables an attacker to send a specially crafted email to any Outlook address enabled with the PGP plug-in, which will in turn give them access to that system. This could include attackers compromising private key's that can then be used to decrypt encrypted communications.

Network Associates' PGP, is an easy point-and-click public key encryption system deployed by many to protect digital information transferred online. The vulnerability was found specifically in the implementation of NAI's PGP for Microsoft Outlook; therefore, this vulnerability only affects Microsoft Outlook users with the NAI PGP plug-in enabled.

eEye Digital Security urges all users to download and install the patch immediately:
http://www.nai.com/naicommon/download/upgrade/patches/patch-pgphotfix.asp

eEye alerted Network Associates' security team immediately upon discovery of the vulnerability, and has worked closely with NAI on the development of a patch and the expeditious alerting of administrators worldwide.

About eEye Digital Security

eEye Digital Security® is pioneering a new class of security products:integrated threat management. This next-generation of security detects vulnerabilities and threats, prevents intrusions, protects all of an enterprise’s key computing resources, from endpoints to network assets to web sites and web applications, all while providing a centralized point of security management and network visibility.eEye’s research team is consistently the first to identify new threats in the wild, and our products leverage that research to deliver on the goal of making network security as easy to use and reliable as networking itself. Founded in 1998 and headquartered in Orange County, California, eEye Digital Security protects more than 9,000 corporate and government organizations worldwide, including half of the Fortune 100. For more information, please visit www.eeye.com

Primary Agency Contact

Victor Cruz
MediaPR
(508) 655-4397 eEye@mediapr.net

EMEA Agency Contact

Ralph Klöwer
INTERFACE Relations
+49 (0) 89-552 688-66 r.kloewer@interface.pr.de

Corporate Contact

Stacy Newman
eEye Digital Security
(949) 900-4131 press@eEye.com