CVE

CVE-2008-4420

Date: (C)2009-04-13   (M)2015-12-16
 
CVSS Score: 9.3
Exploitability Subscore: 8.6
Impact Subscore: 10.0
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.

Reference:
SECTRACK-1022021
BID-19143
http://www.securityfocus.com/archive/1/441083
http://www.securityfocus.com/archive/1/441084
SECUNIA-21180
SECUNIA-34659
OSVDB-53478
ADV-2006-2957
ADV-2009-0980
HPSBMA02396
SSRT080175
http://vuln.sg/dynazip5007-en.html
http://vuln.sg/turbozip6-en.html

CPE    1
cpe:/a:hp:openview_performance_agent:c.04.60
CWE    1
CWE-119

© 2013 SecPod Technologies