CVE-2004-2609 - Unhygienic Splicer

Description

The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four \stuffit /f:stuffit.dat\ invocations possibly due to a buffer overflow.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1180.html http://www.securityfocus.com/bid/11068 http://www.osvdb.org/9276 http://securitytracker.com/id?1011081 https://exchange.xforce.ibmcloud.com/vulnerabilities/17147