Stack-based Buffer Overflow in DynaZip Max and Related Products
CVE-2008-4420

Currently unrated

Key Information:

Vendor: HP
Status: Openview Performance Agent
Vendor: CVE Published:; 13 April 2009

Summary

The vulnerability involves multiple stack-based buffer overflows in DZIP32.DLL and DZIPS32.DLL, affecting several versions of DynaZip Max and TurboZIP. When a long filename is processed during operations such as Fix, Add, Update, or Freshen in ZIP archives, it can allow user-assisted attackers to execute arbitrary code. This issue underscores the critical need for proper input validation in file handling operations.

References

http://www.securitytracker.com/id?1022021

vdb-entryx_refsource_SECTRACK

http://innermedia.com/upgrades.html

x_refsource_MISC

http://www.securityfocus.com/archive/1/441083

mailing-listx_refsource_BUGTRAQ

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 13, 2009
Vulnerability Reserved
Oct 3, 2008