CVE

CVE-2008-4420
Date: (C)2009-04-13   (M)2018-02-19


Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1022021
BID-19143
http://www.securityfocus.com/archive/1/441083
http://www.securityfocus.com/archive/1/441084
SECUNIA-21180
SECUNIA-34659
OSVDB-53478
ADV-2006-2957
ADV-2009-0980
HPSBMA02396
SSRT080175
http://vuln.sg/dynazip5007-en.html
http://vuln.sg/turbozip6-en.html

CPE    1
cpe:/a:hp:openview_performance_agent:c.04.60
CWE    1
CWE-119

© SecPod Technologies