Vulnerability Report

CVE-2010-3618

Title: Pgp Desktop For Windows Cryptographic Failures

Other

Proof Of Concept

No public PoC currently indexed for CVE-2010-3618.

CWE Category CWE-310

Published Date Nov 22, 2010

Modified Date Apr 29, 2026

Exploit Status Not Found

Score 4.3 CVSS v2.0

Exploit Probability (EPSS)

1.75%

Vulnerability Summary

CVE-2010-3618: PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a "piggy-back" or "unsigned data injection" issue.

Impacted Vendors

pgp 2

Reference Links

http://secunia.com/advisories/42293 http://secunia.com/advisories/42307 http://www.cs.ru.nl/E.Verheul/papers/Govcert/Pretty%20Good%20Piggybagging%20v1.0.pdf http://www.kb.cert.org/vuls/id/300785 http://www.securitytracker.com/id?1024760 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101118_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/63366 https://pgp.custhelp.com/app/answers/detail/a_id/2290 http://secunia.com/advisories/42293 http://secunia.com/advisories/42307 http://www.cs.ru.nl/E.Verheul/papers/Govcert/Pretty%20Good%20Piggybagging%20v1.0.pdf http://www.kb.cert.org/vuls/id/300785 http://www.securitytracker.com/id?1024760 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101118_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/63366 https://pgp.custhelp.com/app/answers/detail/a_id/2290

CVSS v2.0

Source Entity [email protected]

Severity MEDIUM

4.3

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:M/Au:N/C:N/I:P/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2010-3618 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 29, 2026 MODIFIED

Vulnerability data updated via NVD.

April 11, 2025 MODIFIED

Vulnerability data or affected products updated.

November 22, 2010 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected Stack

No specific products linked.