[Am-info] Security Flaw Found In Outlook Plug-In

[Fred A. Miller]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Security Flaw Found In Outlook Plug-In

Users of Network Associates' PGP Desktop Security 7.0.4, PGP=20
Personal Security 7.0.3, and PGP Freeware 7.0.3 are being warned=20
that the popular encryption software contains a serious security=20
vulnerability that could let attackers take control of their=20
systems, and even compromise secure communications if the=20
attacker installs keystroke-logging software as part of the=20
attack.=20

The flaw doesn't affect the PGP, or Pretty Good Privacy,=20
encryption software itself but rather the PGP plug-in for=20
Microsoft Outlook E-mail used to encrypt sensitive E-mail=20
messages, according to eEye Digital Security. Outlook users who=20
merely select a malicious E-mail containing carefully crafted=20
code could find their systems hacked, eEye says. PGP Corporate=20
Desktop users aren't affected, according to the advisory. PGP is=20
widely available for download on the Web as freeware and is used=20
by law-enforcement and U.S. intelligence agencies.

Network Associates has made a patch available for download at=20
http://update.informationweek.com/cgi-bin4/flo?y=3DeHxD0Bce7K0V20BfJx0Af

- --=20
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org, www.cupserv.org
- --- SuSE Linux v8.0 Pro, KMail 3.0.1---
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj0vPuIACgkQB9vk4ichYXeKtQCfRkSmYdlXyDB2Z1nnC8IeTTLN
Za4An1u/qN/E7U9TzAsrx9K7taZFIPQM
=3DcbP/
-----END PGP SIGNATURE-----