Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2008-4420
Last Modified 04 Jun 2010 12:00:00
Published 13 Apr 2009 12:30:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4420

Summary

Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.

Vulnerable Systems

Application

  • Filestream TurboZIP 6.0

  • HP OpenView Performance Agent C.04.60

  • HP OpenView Performance Agent C.04.70

  • HP OpenView Performance Agent C.04.72

  • Innermedia DynaZip Max 5.0.0.7

  • Innermedia DynaZip Max Secure 6.0.0.4


References

BID - 19143

HP - SSRT080175

VUPEN - ADV-2009-0980

VUPEN - ADV-2006-2957

SECTRACK - 1022021

BUGTRAQ - 20060725 [vuln.sg] TurboZIP ZIP Repair Buffer Overflow Vulnerability

BUGTRAQ - 20060725 [vuln.sg] DynaZip DZIP32.DLL/DZIPS32.DLL Buffer Overflow Vulnerabilities

MISC - http://vuln.sg/turbozip6-en.html

MISC - http://vuln.sg/dynazip5007-en.html

SECUNIA - 34659

SECUNIA - 21180

OSVDB - 53478

HP - HPSBMA02396


Last Updated: 27 May 2016 10:49:56