CVE-2008-4420

critical

HPE

CVSS v3 Base Score

9.3

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS Score

6.5%

Exploitation probability in 30 days

Top 9% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

Integrity

Availability

Published: April 13, 2009 (6240 days ago)

Last Modified: April 23, 2026

Vendor: HPE

Source: NVD

Description

Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.

CWE

CWE-119

Affected Products

hp openview performance agentinnermedia dynazip maxinnermedia dynazip max securefilestream turbozip

References

🔗 h20000.www2.hp.com 🔗 innermedia.com 🔗 osvdb.org 🔗 secunia.com 🔗 secunia.com

CVE-2008-4420

Vulnerability Report

Description

CWE

Affected Products

References