CVE-2002-0788

An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information.

Published: Aug 12, 2002
Updated: May 9, 2024
CVE: CVE-2002-0788
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-459

Affected Software
References

Software	From	Fixed in
pgp / freeware	7.0.3	7.0.3.x
pgp / corporate_desktop	7.1	7.1.x
pgp / personal_security	7.0.3	7.0.3.x

http://archives.neohapsis.com/archives/bugtraq/2002-05/0052.html
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1/hotfix/ReadMe.txt
http://www.iss.net/security_center/static/9044.php
http://www.osvdb.org/4363
http://www.securityfocus.com/bid/4702

Vulnerability Database

289,599

CVE-2002-0788