Lucene search
Eric DETOISIENZDI-07-007HistoryFeb 08, 2007 - 12:00 a.m.
Hewlett-Packard Mercury LoadRunner Agent Stack Overflow Vulnerability
2007-02-0800:00:00
Eric DETOISIEN
www.zerodayinitiative.com
18
EPSS
0.774
Percentile
98.2%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Mercury LoadRunner Agent, Mercury Performance Center Agent and Mercury Monitor over Firewall. Authentication is not required to exploit this vulnerability. The specific flaw exists within the process magentproc.exe that binds to TCP port 54345. When parsing packets containing an overly long ‘server_ip_name’ field, an exploitable stack overflow may be triggered due to an an inline strcpy() within the library mchan.dll.
Related
saint
saint
HP Mercury LoadRunner mchan.dll buffer overflow
2007-02-16 00:00:00
HP Mercury LoadRunner mchan.dll buffer overflow
2007-02-16 00:00:00
HP Mercury LoadRunner mchan.dll buffer overflow
2007-02-16 00:00:00
cert
cert
HP Mercury products vulnerable to buffer overflow
2007-02-26 00:00:00
prion
prion
Stack overflow
2007-02-08 23:28:00
cve
cve
CVE-2007-0446
2007-02-08 23:28:00
d2
d2
DSquare Exploit Pack: D2SEC_MERCURY_LR
2007-02-08 23:28:00
checkpoint_advisories
checkpoint_advisories
securityvulns
securityvulns
HP Mercury LoadRunner Agent buffer overflow
2007-02-09 00:00:00
ZDI-07-007: HP Mercury LoadRunner Agent Stack Overflow Vulnerability
2007-02-09 00:00:00
cvelist
cvelist
CVE-2007-0446
2007-02-08 23:00:00
nvd
nvd
CVE-2007-0446
2007-02-08 23:28:00
nessus
nessus
Mercury LoadRunner Agent server_ip_name Field Remote Buffer Overflow
2007-02-13 00:00:00