|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Rob MacGregor (rob_macgregor_at_HOTMAIL.COM)
Date: Thu Jul 11 2002 - 12:30:27 CDT
>From: Marc Maiffret <marc
EEYE.COM>
>
>Remote PGP Outlook Encryption Plug-in Vulnerability
>
>Release Date:
>July 10, 2002
>
>Severity:
>High (Remote Code Execution)
>
<---SNIP--->
>
>Vendor Status: NAI has worked quickly to safeguard customers against this
>vulnerability. They have released a patch, for the latest versions of the
>PGP Outlook plug-in, to protect systems from this flaw. You may download
>the
>patch from:
>http://www.nai.com/naicommon/download/upgrade/patches/patch-pgphotfix.asp
>Note: This issue does not affect PGP Corporate Desktop users.
I've downloaded and installed the patch at the above URL. However the
content of the patch appears to be incorrect.
The README states:
You should see the following information:
File Version: 7.0.5.0
Product Version: 7.0.5
Build Number: 104
However the actual file installed is:
File Version: 7.0.4.0
Product Version: 7.0.4
Build Number: Hotfix 2
If somebody's got contacts in NAI they might want to warn them that they
appear to be shipping a non-patch...
Please don't CC me on anything sent to mailing lists or send
me email directly unless it's a privacy issue, thanks.
--
Rob | Ask questions the smart way:
http://www.tuxedo.org/~esr/faqs/smart-questions.html
_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]