Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0926

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-0926
Last Modified 07 Mar 2011 09:31:09
Published 28 Feb 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-0926

Summary

Multiple directory traversal vulnerabilities in Allume StuffIt Standard and Deluxe 9.0, ZipMagic Deluxe 9.0, and StuffIt Expander 9.0.0.21 Engine 9.0.0.21 allow remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive.

Vulnerable Systems

Application

  • Smithmicro Stuffit Deluxe 9.0

  • Smithmicro Stuffit Expander 9.0.0.21 Engine 9.0.0.21

  • Smithmicro Stuffit Standard 9.0

  • Smithmicro Zipmagic Deluxe 9.0


References

VUPEN - ADV-2006-0732

BID - 16806

BUGTRAQ - 20060224 StuffIt and ZipMagic Family of products Directory traversal

MISC - http://www.hamid.ir/security/stuffit.txt

SECUNIA - 19010

XF - stuffit-zipmagic-archive-directory-traversal(24886)

OSVDB - 23463


Last Updated: 27 May 2016 10:41:50