CVE-2008-4420

Name of the Vulnerable Software and Affected Versions DynaZip Max versions prior to 5.0.0.8 DynaZip Max Secure versions prior to 6.0.0.5 HP OpenView Performance Agent version C.04.60 HP Performance Agent versions C.04.70 and C.04.72 TurboZIP version 6.0

Description The issue allows user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during certain actions, including Fix, Add, Update, or Freshen.

Recommendations For DynaZip Max versions prior to 5.0.0.8, update to version 5.0.0.8 or later. For DynaZip Max Secure versions prior to 6.0.0.5, update to version 6.0.0.5 or later. For HP OpenView Performance Agent version C.04.60, consider updating to a newer version. For HP Performance Agent versions C.04.70 and C.04.72, consider updating to a newer version. For TurboZIP version 6.0, consider updating to a newer version. As a temporary workaround, consider avoiding the use of long filenames in ZIP archives for the affected products until a patch is available.