CVE-2008-4420

HP OpenView Performance Agent - Stack-Based Buffer Overflow via Long Filename in ZIP Archive

Title source: llm
STIX 2.1

Description

Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.

References (13)

Core 13
Core References
Various Sources x_refsource_misc
http://innermedia.com/upgrades.html
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19143
Exploit x_refsource_misc
http://vuln.sg/dynazip5007-en.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022021
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/441083
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/53478
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/441084
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21180
Various Sources x_refsource_misc
http://vuln.sg/turbozip6-en.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2957
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34659
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0980

Scores

EPSS 0.0653
EPSS Percentile 91.2%

Details

CWE
CWE-119
Status published
Products (6)
filestream/turbozip 6.0
hp/openview_performance_agent c.04.60
hp/openview_performance_agent c.04.70
hp/openview_performance_agent c.04.72
innermedia/dynazip_max < 5.0.0.7
innermedia/dynazip_max_secure < 6.0.0.4
Published Apr 13, 2009
Tracked Since Feb 18, 2026