Computer Security

CVE-2008-4420
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2008-4420
StatusCandidate
DescriptionMultiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.
PhaseAssigned (03.10.2008)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4420
ReferencesBID : 19143
 BUGTRAQ : 20060725 [vuln.sg] DynaZip DZIP32.DLL/DZIPS32.DLL Buffer Overflow Vulnerabilities
 BUGTRAQ : 20060725 [vuln.sg] TurboZIP ZIP Repair Buffer Overflow Vulnerability
 HP : HPSBMA02396
 HP : SSRT080175
 MISC : http://innermedia.com/upgrades.html
 MISC : http://vuln.sg/dynazip5007-en.html
 MISC : http://vuln.sg/turbozip6-en.html
 OSVDB : 53478
 SECTRACK : 1022021
 SECUNIA : 21180
 SECUNIA : 34659
 VUPEN : ADV-2006-2957
 VUPEN : ADV-2009-0980
SecurityVulns:Windows ZIP folders buffer overflow
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server