This article is more than 1 year old
PGP Outlook plugin has major security hole
Relax, there's a patch
A malicious e-mail can create a buffer overrun in Network Associates' PGP plugin for MS Outlook on Windows, which in turn can be used to run arbitrary code with the user's level of privilege. At a minimum this could compromise the user's passphrase and expose his encrypted messages, and at a maximum surrender control of the machine. Attachments do not need to be activated; merely selecting the malicious message is sufficient.
PGP Desktop Security 7.0.4, Personal Security 7.0.3 and Freeware 7.0.3 are affected. NAI has a hotfix posted here. The issue was discovered by eEye's Marc Maiffret. ®