vulnerability in Outlook PGP plugin