Vulnerability Details CVE-2006-0926
Multiple directory traversal vulnerabilities in Allume StuffIt Standard and Deluxe 9.0, ZipMagic Deluxe 9.0, and StuffIt Expander 9.0.0.21 Engine 9.0.0.21 allow remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.0%
CVSS Severity
CVSS v2 Score 2.6
References
- http://secunia.com/advisories/19010
- http://www.hamid.ir/security/stuffit.txt
- http://www.osvdb.org/23463
- http://www.securityfocus.com/archive/1/425972/100/0/threaded
- http://www.securityfocus.com/bid/16806
- http://www.vupen.com/english/advisories/2006/0732
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24886
- http://secunia.com/advisories/19010
- http://www.hamid.ir/security/stuffit.txt
- http://www.osvdb.org/23463
- http://www.securityfocus.com/archive/1/425972/100/0/threaded
- http://www.securityfocus.com/bid/16806
- http://www.vupen.com/english/advisories/2006/0732
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24886
Products affected by CVE-2006-0926
-
cpe:2.3:a:smithmicro:stuffit_deluxe:9.0
-
cpe:2.3:a:smithmicro:stuffit_expander:9.0.0.21_engine_9.0.0.21
-
cpe:2.3:a:smithmicro:stuffit_standard:9.0
-
cpe:2.3:a:smithmicro:zipmagic_deluxe:9.0