CVE-2007-0446

2007-02-0823:28:00

mitre

web.nvd.nist.gov

cve-2007-0446

buffer overflow

magentproc.exe

remote code execution

tcp port 54345

nvd

security vulnerability

hp performance center agent

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.774

Percentile

98.2%

JSON

Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8.0 and 8.1, and Monitor over Firewall 8.1 allows remote attackers to execute arbitrary code via a packet with a long server_ip_name field to TCP port 54345, which triggers the overflow in mchan.dll.

Affected configurations

Nvd

Node

hpmercury_loadrunner_agentMatch8.0

hpmercury_loadrunner_agentMatch8.1

hpmercury_monitor_over_firewallMatch8.1

hpmercury_performance_center_agentMatch8.0

hpmercury_performance_center_agentMatch8.1

VendorProductVersionCPE
hpmercury_loadrunner_agent8.0cpe:2.3:a:hp:mercury_loadrunner_agent:8.0:*:*:*:*:*:*:*
hpmercury_loadrunner_agent8.1cpe:2.3:a:hp:mercury_loadrunner_agent:8.1:*:*:*:*:*:*:*
hpmercury_monitor_over_firewall8.1cpe:2.3:a:hp:mercury_monitor_over_firewall:8.1:*:*:*:*:*:*:*
hpmercury_performance_center_agent8.0cpe:2.3:a:hp:mercury_performance_center_agent:8.0:*:*:*:*:*:*:*
hpmercury_performance_center_agent8.1cpe:2.3:a:hp:mercury_performance_center_agent:8.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hp	mercury_loadrunner_agent	8.0	cpe:2.3:a:hp:mercury_loadrunner_agent:8.0:::::::*
hp	mercury_loadrunner_agent	8.1	cpe:2.3:a:hp:mercury_loadrunner_agent:8.1:::::::*
hp	mercury_monitor_over_firewall	8.1	cpe:2.3:a:hp:mercury_monitor_over_firewall:8.1:::::::*
hp	mercury_performance_center_agent	8.0	cpe:2.3:a:hp:mercury_performance_center_agent:8.0:::::::*
hp	mercury_performance_center_agent	8.1	cpe:2.3:a:hp:mercury_performance_center_agent:8.1:::::::*