HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow.
[
{
"product": "HPE LoadRunner and Performance Center",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "HPE LoadRunner and Performance Center"
}
]
}
]
www.securityfocus.com/bid/101224
www.securityfocus.com/bid/96774
www.securitytracker.com/id/1038028
www.securitytracker.com/id/1038029
www.zerodayinitiative.com/advisories/ZDI-17-160/
h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03712en_us
www.tenable.com/security/research/tra-2017-13