CVE-2002-2069

Published: Dec 31, 2002Modified: Apr 16, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

Affected (2)

Products: Pgp: Personal Privacy

Pgp

1 product

Personal Privacy

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Pgp Personal Privacy	From 6.0.2 to 6.5.8
Pgp Personal Privacy	From 7.0 to 7.1.1

Related CWEs

CWE-459

Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

References (10)

http://www.ciac.org/ciac/bulletins/m-034.shtml

Source: cve@mitre.org

Broken LinkVendor Advisory

http://www.iss.net/security_center/static/7953.php

Source: cve@mitre.org

Broken Link

http://www.securityfocus.com/archive/1/251565

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/3912

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.seifried.org/security/advisories/kssa-003.html

Source: cve@mitre.org

Broken LinkVendor Advisory

http://www.ciac.org/ciac/bulletins/m-034.shtml