CVE-2008-4420

Published: Apr 13, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.

Affected (6)

Products: Hp: Openview Performance Agent · Innermedia: Dynazip Max, Dynazip Max Secure · Filestream: Turbozip

1 product

Openview Performance Agent

2 products

Dynazip Max Secure

1 product

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Openview Performance Agent	Version c.04.60
Hp Openview Performance Agent	Version c.04.70
Hp Openview Performance Agent	Version c.04.72

Running on/with	Platform Versions
Microsoft Windows	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Innermedia Dynazip Max	Up to 5.0.0.7
Innermedia Dynazip Max Secure	Up to 6.0.0.4

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Filestream Turbozip	Version 6.0

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (26)

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01622011

Source: cve@mitre.org

Vendor Advisory

http://innermedia.com/upgrades.html

Source: cve@mitre.org

http://osvdb.org/53478

Source: cve@mitre.org

http://secunia.com/advisories/21180

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/34659

Source: cve@mitre.org

Vendor Advisory

http://vuln.sg/dynazip5007-en.html

Source: cve@mitre.org

Exploit

http://vuln.sg/turbozip6-en.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/441083

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/441084

Source: cve@mitre.org

http://www.securityfocus.com/bid/19143

Source: cve@mitre.org

Patch

http://www.securitytracker.com/id?1022021

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/2957

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2009/0980

Source: cve@mitre.org

Vendor Advisory

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01622011

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://innermedia.com/upgrades.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/53478

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21180

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/34659

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://vuln.sg/dynazip5007-en.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://vuln.sg/turbozip6-en.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/441083

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/441084

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/19143

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securitytracker.com/id?1022021

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/2957

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2009/0980

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.