CVE-2008-4420
Summary
| CVE | CVE-2008-4420 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-04-13 16:30:00 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:M/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Filestream | Turbozip | 6.0 | All | All | All |
| Application | Hp | Openview Performance Agent | c.04.60 | All | All | All |
| Application | Hp | Openview Performance Agent | c.04.70 | All | All | All |
| Application | Hp | Openview Performance Agent | c.04.72 | All | All | All |
| Application | Innermedia | Dynazip Max | All | All | All | All |
| Application | Innermedia | Dynazip Max Secure | All | All | All | All |
| Operating System | Microsoft | Windows | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Vendor Advisory |
| HP OpenView Performance Agent Flaw in DynaZip Component Lets Remote Users Execute Arbitrary Code - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| HP OpenView Performance Agent DynaZip Buffer Overflow Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Vendor Advisory |
| [vuln.sg] TurboZIP ZIP Repair Buffer Overflow Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | vuln.sg | |
| osvdb.org/53478 | af854a3a-2127-422b-91ae-364da2661108 | osvdb.org | |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| InnerMedia DynaZip ZIP Archive Handling Multiple Buffer Overflow Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Patch |
| HPSBMA02396 SSRT080175 rev.1 - HP OpenView Performance Agent and HP Performance Agent Running on Windows, Remote Execution of Arbitrary Code - c01622011 - HP Business Support Center | af854a3a-2127-422b-91ae-364da2661108 | h20000.www2.hp.com | Vendor Advisory |
| [vuln.sg] DynaZip DZIP32.DLL/DZIPS32.DLL Buffer Overflow Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | vuln.sg | Exploit |
| DynaZip dzip32.dll/dzips32.dll Buffer Overflow Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| innermedia.com/upgrades.html | af854a3a-2127-422b-91ae-364da2661108 | innermedia.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.