CVE-2008-5731 | Vulnerability Database | Aqua Security

The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.0 build 397 allows local users to cause a denial of service (system crash) and possibly gain privileges via a certain METHOD_BUFFERED IOCTL request that overwrites portions of memory, related to a Driver Collapse. NOTE: some of these details are obtained from third party information.

Affected Software

Name	Vendor	Start Version	End Version
Desktop	Pgp	9.0.6 (including)	9.0.6 (including)
Desktop	Pgp	9.9.0 (including)	9.9.0 (including)

References

http://osvdb.org/50914
http://secunia.com/advisories/33310
http://securityreason.com/securityalert/4811
http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service.php
http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service_POC.php
http://www.securityfocus.com/archive/1/499572/100/0/threaded
http://www.securityfocus.com/bid/32991
http://www.securitytracker.com/id?1021493
https://www.exploit-db.com/exploits/7556
http://osvdb.org/50914
http://secunia.com/advisories/33310
http://securityreason.com/securityalert/4811
http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service.php
http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service_POC.php
http://www.securityfocus.com/archive/1/499572/100/0/threaded
http://www.securityfocus.com/bid/32991
http://www.securitytracker.com/id?1021493
https://www.exploit-db.com/exploits/7556

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-5731
CWE	https://cwe.mitre.org/data/definitions/399.html