vendor:
GNU Privacy Assistant
by:
Dr_IDE
7.8
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: GNU Privacy Assistant
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7RC, Windows XPSP3
2009
GPG4Win – GNU Privacy Assistant – GPA.EXE – Crash PoC
This PoC exploits a buffer overflow vulnerability in GPA.EXE, the executable for the GNU Privacy Assistant (GPA) component of GPG4Win. When a specially crafted PGP message is pasted into the GPA Clipboard, it causes a crash. The PoC does not seem to overwrite anything, even when the content is increased to 10,000+ characters.
Mitigation:
Upgrade to the latest version of GPG4Win, which is not vulnerable to this exploit.