
CVE-2008-4420

 

  • Severity Score: 9.3 (CVSS v2)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.


*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2008-10-03 CVE Reserved
  • 2009-04-09 CVE Published
  • 2024-01-02 EPSS Updated
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor / Product / Version (Other, Status), with the platform it runs in where one is listed:
  • Hp / Openview Performance Agent / c.04.60 (Other: -, Status: Affected), in Microsoft / Windows / * (Other: -, Status: Safe)
  • Hp / Openview Performance Agent / c.04.70 (Other: -, Status: Affected), in Microsoft / Windows / * (Other: -, Status: Safe)
  • Hp / Openview Performance Agent / c.04.72 (Other: -, Status: Affected), in Microsoft / Windows / * (Other: -, Status: Safe)
  • Innermedia / Dynazip Max / <= 5.0.0.7 (Other: -, Status: Affected)
  • Innermedia / Dynazip Max Secure / <= 6.0.0.4 (Other: -, Status: Affected)
  • Filestream / Turbozip / 6.0 (Other: -, Status: Affected)