CVE-2008-4420

Name: CVE-2008-4420
Creator: NVD / NIST
Published: 2009-04-13T16:30:00.203+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.66%

Last modified Jun 16, 2026

CVE-2008-4420 is a vulnerability of currently unknown severity. Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.. EPSS estimates a 5.66% chance of exploitation in the next 30 days.

Description

Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.

Metrics

EPSS Probability

5.66%

92.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Hp	Openview Performance Agent	c.04.60
Hp	Openview Performance Agent	c.04.70
Hp	Openview Performance Agent	c.04.72
Innermedia	Dynazip Max	<= 5.0.0.7
Innermedia	Dynazip Max Secure	<= 6.0.0.4
Filestream	Turbozip	6.0

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01622011Vendor Advisory
http://innermedia.com/upgrades.html
http://osvdb.org/53478
http://secunia.com/advisories/21180Vendor Advisory
http://secunia.com/advisories/34659Vendor Advisory
http://vuln.sg/dynazip5007-en.htmlExploit
http://vuln.sg/turbozip6-en.html
http://www.securityfocus.com/archive/1/441083
http://www.securityfocus.com/archive/1/441084
http://www.securityfocus.com/bid/19143Patch
http://www.securitytracker.com/id?1022021
http://www.vupen.com/english/advisories/2006/2957Vendor Advisory
http://www.vupen.com/english/advisories/2009/0980Vendor Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01622011Vendor Advisory
http://innermedia.com/upgrades.html
http://osvdb.org/53478
http://secunia.com/advisories/21180Vendor Advisory
http://secunia.com/advisories/34659Vendor Advisory
http://vuln.sg/dynazip5007-en.htmlExploit
http://vuln.sg/turbozip6-en.html
http://www.securityfocus.com/archive/1/441083
http://www.securityfocus.com/archive/1/441084
http://www.securityfocus.com/bid/19143Patch
http://www.securitytracker.com/id?1022021
http://www.vupen.com/english/advisories/2006/2957Vendor Advisory
http://www.vupen.com/english/advisories/2009/0980Vendor Advisory

Timeline

Published: Apr 13, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2008-4420?

How severe is CVE-2008-4420?

Severity scoring for CVE-2008-4420 is pending analysis. The EPSS model estimates a 5.66% probability of exploitation in the next 30 days.

How do I fix CVE-2008-4420?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2008-4420?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST