CVE-2008-4420: Buffer Overflow
First published: Mon Apr 13 2009(Updated: )
Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Innermedia Dynazip Max Secure | <=6.0.0.4 | |
| Innermedia Dynazip Max | <=5.0.0.7 | |
| Turbozip | =6.0 | |
| Microsoft Windows Operating System | ||
| HP Performance Agent | =c.04.60 | |
| HP Performance Agent | =c.04.70 | |
| HP Performance Agent | =c.04.72 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://vuln.sg/dynazip5007-en.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01622011
- http://secunia.com/advisories/34659
- http://vuln.sg/turbozip6-en.html
- http://www.securityfocus.com/archive/1/441084
- http://www.vupen.com/english/advisories/2009/0980
- http://innermedia.com/upgrades.html
- http://www.vupen.com/english/advisories/2006/2957
- http://www.securityfocus.com/archive/1/441083
- http://www.securityfocus.com/bid/19143
- http://secunia.com/advisories/21180
- http://osvdb.org/53478
- http://www.securitytracker.com/id?1022021
Frequently Asked Questions
What is the severity of CVE-2008-4420?
CVE-2008-4420 has a critical severity rating due to the potential for remote code execution via stack-based buffer overflows.
How do I fix CVE-2008-4420?
To mitigate CVE-2008-4420, update DZIP32.DLL to version 5.0.0.8 or later and DZIPS32.DLL to version 6.0.0.5 or later.
Which software is affected by CVE-2008-4420?
CVE-2008-4420 impacts DynaZip Max and DynaZip Max Secure, along with HP OpenView Performance Agent versions C.04.60, C.04.70, and C.04.72.
What are the consequences of exploiting CVE-2008-4420?
Exploiting CVE-2008-4420 can allow attackers to execute arbitrary code on the system, compromising its integrity.
Is there a workaround for CVE-2008-4420 if I can't update?
If you cannot update to the patched versions, it is recommended to limit access to the vulnerable software and avoid the use of untrusted input.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/remedy
- agent/references
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- vendor/innermedia
- canonical/innermedia dynazip max secure
- version/innermedia dynazip max secure/6.0.0.4
- canonical/innermedia dynazip max
- version/innermedia dynazip max/5.0.0.7
- vendor/filestream
- canonical/turbozip
- version/turbozip/6.0
- vendor/microsoft
- canonical/microsoft windows operating system
- vendor/hp
- canonical/hp performance agent
- version/hp performance agent/c.04.60
- version/hp performance agent/c.04.70
- version/hp performance agent/c.04.72