The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four βstuffit /f:stuffit.datβ invocations, possibly due to a buffer overflow.