Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:C9B4EACAC23B94C69128097E58CAE065
HistoryFeb 16, 2007 - 12:00 a.m.

HP Mercury LoadRunner mchan.dll buffer overflow

2007-02-1600:00:00
SAINT Corporation
download.saintcorporation.com
10

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.774

Percentile

98.2%

JSON

Added: 02/16/2007
CVE: CVE-2007-0446
BID: 22487
OSVDB: 33132

Background

HP Mercury LoadRunner is a load testing solution.

Problem

A buffer overflow in the **mchan.dll** library allows remote attackers to execute arbitrary commands by sending a packet with a long **server_ip_name** field to port 54345/TCP.

Resolution

Apply the fix referenced in the HP Security Bulletin.

References

<http://www.securityfocus.com/archive/1/459505&gt;

Limitations

Exploit works on HP Mercury LoadRunner 8.1.

Platforms

Windows

Related

saint 3
zdi 1
cert 1
prion 1
cve 1
d2 1
checkpoint_advisories 1
securityvulns 2
cvelist 1
nvd 1
nessus 1
saint
saint
HP Mercury LoadRunner mchan.dll buffer overflow
2007-02-16 00:00:00
HP Mercury LoadRunner mchan.dll buffer overflow
2007-02-16 00:00:00
HP Mercury LoadRunner mchan.dll buffer overflow
2007-02-16 00:00:00
zdi
zdi
Hewlett-Packard Mercury LoadRunner Agent Stack Overflow Vulnerability
2007-02-08 00:00:00
cert
cert
HP Mercury products vulnerable to buffer overflow
2007-02-26 00:00:00
prion
prion
Stack overflow
2007-02-08 23:28:00
cve
cve
CVE-2007-0446
2007-02-08 23:28:00
d2
d2
DSquare Exploit Pack: D2SEC_MERCURY_LR
2007-02-08 23:28:00
checkpoint_advisories
checkpoint_advisories
HP Mercury Multiple Products Agent Command Processing Buffer Overflow (CVE-2007-0446)
2009-11-29 00:00:00
securityvulns
securityvulns
HP Mercury LoadRunner Agent buffer overflow
2007-02-09 00:00:00
ZDI-07-007: HP Mercury LoadRunner Agent Stack Overflow Vulnerability
2007-02-09 00:00:00
cvelist
cvelist
CVE-2007-0446
2007-02-08 23:00:00
nvd
nvd
CVE-2007-0446
2007-02-08 23:28:00
nessus
nessus
Mercury LoadRunner Agent server_ip_name Field Remote Buffer Overflow
2007-02-13 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.774

Percentile

98.2%

JSON
Related for SAINT:C9B4EACAC23B94C69128097E58CAE065
saint3zdi1cert1prion1cve1d21checkpoint_advisories1securityvulns2cvelist1nvd1nessus1