Lucene search
Tenable Network SecurityZDI-10-080HistoryMay 06, 2010 - 12:00 a.m.
HP Mercury LoadRunner Agent Trusted Input Remote Code Execution Vulnerability
2010-05-0600:00:00
Tenable Network Security
www.zerodayinitiative.com
30
EPSS
0.956
Percentile
99.5%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Mercury LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within the process magentproc.exe that binds to TCP port 54345. A specially crafted packet will allow unauthenticated users to execute local commands. When a state of 0 or 4 is passed after the parameters, mchan.dll will process the commands on the host. This allows for remote code execution under the context of the SYSTEM user.
Related
d2
d2
DSquare Exploit Pack: D2SEC_HPLR
2010-05-07 18:24:00
nessus
nessus
HP Mercury LoadRunner Agent Remote Command Execution
2010-05-07 00:00:00
exploitdb
exploitdb
cve
cve
CVE-2010-1549
2010-05-07 18:24:15
packetstorm
packetstorm
HP Mercury LoadRunner Agent magentproc.exe Remote Command Execution
2017-12-30 00:00:00
securityvulns
securityvulns
zdt
zdt
HP Mercury LoadRunner Agent magentproc.exe Remote Command Execution Exploit
2017-12-30 00:00:00
prion
prion
Code injection
2010-05-07 18:24:00
cvelist
cvelist
CVE-2010-1549
2010-05-07 17:43:00
nvd
nvd
CVE-2010-1549
2010-05-07 18:24:15
metasploit
metasploit
HP Mercury LoadRunner Agent magentproc.exe Remote Command Execution
2017-11-08 16:59:18