Unrated severityNVD Advisory· Published Apr 13, 2009· Updated Apr 23, 2026

CVE-2008-4420

Description

Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.

Affected products

Filestream/Turbozip
cpe:2.3:a:filestream:turbozip:6.0:*:*:*:*:*:*:*
HP/Openview Performance Agent3 versions
cpe:2.3:a:hp:openview_performance_agent:c.04.60:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:hp:openview_performance_agent:c.04.60:*:*:*:*:*:*:*
- cpe:2.3:a:hp:openview_performance_agent:c.04.70:*:*:*:*:*:*:*
- cpe:2.3:a:hp:openview_performance_agent:c.04.72:*:*:*:*:*:*:*
Innermedia/Dynazip Max
cpe:2.3:a:innermedia:dynazip_max:*:*:*:*:*:*:*:*
Range: <=5.0.0.7
Innermedia/Dynazip Max Secure
cpe:2.3:a:innermedia:dynazip_max_secure:*:*:*:*:*:*:*:*
Range: <=6.0.0.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/19143nvdPatch
vuln.sg/dynazip5007-en.htmlnvdExploit
h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvdVendor Advisory
secunia.com/advisories/21180nvdVendor Advisory
secunia.com/advisories/34659nvdVendor Advisory
www.vupen.com/english/advisories/2006/2957nvdVendor Advisory
www.vupen.com/english/advisories/2009/0980nvdVendor Advisory
innermedia.com/upgrades.htmlnvd
osvdb.org/53478nvd
vuln.sg/turbozip6-en.htmlnvd
www.securityfocus.com/archive/1/441083nvd
www.securityfocus.com/archive/1/441084nvd
www.securitytracker.com/idnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000