CVE-2008-4420
published 2009-04-13

Priority: P344
Severity: critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 5.66% (92.0th percentile)

Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.

Affected

6 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| filestream | turbozip | | |
| hp | openview_performance_agent | | |
| hp | openview_performance_agent | | |
| hp | openview_performance_agent | | |
| innermedia | dynazip_max | <= 5.0.0.7 | |
| innermedia | dynazip_max_secure | <= 6.0.0.4 | |