CVE-2006-0926

high

Description

Multiple directory traversal vulnerabilities in Allume StuffIt Standard and Deluxe 9.0, ZipMagic Deluxe 9.0, and StuffIt Expander 9.0.0.21 Engine 9.0.0.21 allow remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24886

http://www.vupen.com/english/advisories/2006/0732

http://www.securityfocus.com/bid/16806

http://www.securityfocus.com/archive/1/425972/100/0/threaded

http://www.osvdb.org/23463

http://www.hamid.ir/security/stuffit.txt

http://secunia.com/advisories/19010

Details

Source: Mitre, NVD

Published: 2006-02-28

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

EPSS

EPSS: 0.01104