CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.2%
Added: 02/16/2007
CVE: CVE-2007-0446
BID: 22487
OSVDB: 33132
HP Mercury LoadRunner is a load testing solution.
A buffer overflow in the **mchan.dll**
library allows remote attackers to execute arbitrary commands by sending a packet with a long **server_ip_name**
field to port 54345/TCP.
Apply the fix referenced in the HP Security Bulletin.
<http://www.securityfocus.com/archive/1/459505>
Exploit works on HP Mercury LoadRunner 8.1.
Windows