A vulnerability in the NAI PGP Outlook plug-in can be exploited to remotely execute code on any system that uses the NAI PGP Outlook plug-ins.
This vulnerability can be exploited by the Outlook user simply selecting a malicious email, the opening of an attachment is not required. When the attack is performed against a target system, malicious code will be executed within the context of the user receiving the email. This can lead to the compromise of the target's machine, as well as their PGP encrypted communications. Also, it should be noted that because of the nature of the SMTP protocol this vulnerability can be exploited anonymously.Read more