CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
92.0%
Multiple directory traversal vulnerabilities in Allume StuffIt Standard and Deluxe 9.0, ZipMagic Deluxe 9.0, and StuffIt Expander 9.0.0.21 Engine 9.0.0.21 allow remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive.
Vendor | Product | Version | CPE |
---|---|---|---|
smithmicro | stuffit_deluxe | 9.0 | cpe:2.3:a:smithmicro:stuffit_deluxe:9.0:*:*:*:*:*:*:* |
smithmicro | stuffit_expander | 9.0.0.21_engine_9.0.0.21 | cpe:2.3:a:smithmicro:stuffit_expander:9.0.0.21_engine_9.0.0.21:*:*:*:*:*:*:* |
smithmicro | stuffit_standard | 9.0 | cpe:2.3:a:smithmicro:stuffit_standard:9.0:*:*:*:*:*:*:* |
smithmicro | zipmagic_deluxe | 9.0 | cpe:2.3:a:smithmicro:zipmagic_deluxe:9.0:*:*:*:*:*:*:* |