CVE-2007-1264
published 2007-03-06


Priority: P4 29, medium 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 4.60% (90.5th percentile)
Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | enigmail | < enigmail 2:0.95.0+1-1 (bullseye) | enigmail 2:0.95.0+1-1 (bullseye) |
| enigmail | enigmail | <= 0.94.2 | |
| enigmail | enigmail | >= 0 < 2:0.95.0+1-1 | 2:0.95.0+1-1 |

CVSS provenance

nvd: v2.0, 5.0 MEDIUM, AV:N/AC:L/Au:N/C:N/I:P/A:N
osv: 5.0 MEDIUM
vendor_debian: 5.0 LOW