Unrated severityNVD Advisory· Published Feb 28, 2006· Updated Apr 16, 2026

CVE-2006-0926

Description

Multiple directory traversal vulnerabilities in Allume StuffIt Standard and Deluxe 9.0, ZipMagic Deluxe 9.0, and StuffIt Expander 9.0.0.21 Engine 9.0.0.21 allow remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive.

Affected products

Smithmicro/Stuffit Deluxe
cpe:2.3:a:smithmicro:stuffit_deluxe:9.0:*:*:*:*:*:*:*
Smithmicro/Stuffit Expander
cpe:2.3:a:smithmicro:stuffit_expander:9.0.0.21_engine_9.0.0.21:*:*:*:*:*:*:*
Smithmicro/Stuffit Standard
cpe:2.3:a:smithmicro:stuffit_standard:9.0:*:*:*:*:*:*:*
Smithmicro/Zipmagic Deluxe
cpe:2.3:a:smithmicro:zipmagic_deluxe:9.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/19010nvdVendor Advisory
www.hamid.ir/security/stuffit.txtnvd
www.osvdb.org/23463nvd
www.securityfocus.com/archive/1/425972/100/0/threadednvd
www.securityfocus.com/bid/16806nvd
www.vupen.com/english/advisories/2006/0732nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24886nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000