CVE: CVE-2002-1696

Export to Word

Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00064
Percentile: 0.20276

CVSS Scoring

CVSS v3.1 Score: 5.5

Severity: MEDIUM

Mapped CWE(s)

CWE-312 : Cleartext Storage of Sensitive Information

All CAPEC(s)

CAPEC-37: Retrieve Embedded Sensitive Data

CAPEC(s) with Mapped TTPs

CAPEC-37: Retrieve Embedded Sensitive Data
Mapped TTPs:
- T1005 : Data from Local System
- T1552.004 : Private Keys

Mapped ATT&CK TTPs

T1005 : Data from Local System
Kill Chain: collection
T1552.004 : Private Keys
Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

Operation Wocao
SolarWinds Compromise
Operation CuckooBees
CostaRicto
Operation Honeybee
Operation Dream Job
C0015
Frankenstein
Night Dragon
Operation MidnightEclipse
C0017
Cutting Edge
C0026

Affected Products

cpe:2.3:a:pgp:personal_privacy:7.0:*:*:*:*:*:*:*
cpe:2.3:a:pgp:personal_privacy:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:pgp:personal_privacy:7.0.4:*:*:*:*:*:*:*

← Back to Home