PT-2006-1969 · Allume · Stuffit Expander+3

Published

2006-02-28

Updated

2018-10-18

CVE-2006-0926

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Allume StuffIt Standard and Deluxe version 9.0 Allume ZipMagic Deluxe version 9.0 Allume StuffIt Expander version 9.0.0.21 Engine 9.0.0.21

Description The issue allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a zip or tar archive.

Recommendations For Allume StuffIt Standard and Deluxe version 9.0, update to a version that fixes the directory traversal vulnerabilities. For Allume ZipMagic Deluxe version 9.0, update to a version that fixes the directory traversal vulnerabilities. For Allume StuffIt Expander version 9.0.0.21 Engine 9.0.0.21, update to a version that fixes the directory traversal vulnerabilities.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0926

Affected Products

Stuffit Deluxe

Stuffit Expander

Stuffit Standard

Zipmagic Deluxe

PT-2006-1969 · Allume · Stuffit Expander+3

CVE-2006-0926

Related Identifiers

Affected Products

References · 8