Stack-Based Buffer Overflow in HP Mercury LoadRunner Agent and Performance Center
CVE-2007-0446

Currently unrated

Key Information:

Vendor: HP
Status: Mercury Monitor Over Firewall; Mercury Loadrunner Agent; Mercury Performance Center Agent
Vendor: CVE Published:; 8 February 2007

Summary

A stack-based buffer overflow vulnerability exists in the magentproc.exe component of HP Mercury LoadRunner Agent and associated products. This flaw allows remote attackers to send specially crafted packets, which include an overly long server_ip_name field, to TCP port 54345, leading to potential arbitrary code execution via the compromised mchan.dll module. Organizations using the affected versions should take immediate action to implement security patches and mitigate risk.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/32390

vdb-entryx_refsource_XF

http://www.zerodayinitiative.com/advisories/ZDI-07-007.html

x_refsource_MISC

http://securitytracker.com/id?1017612

vdb-entryx_refsource_SECTRACK

EPSS Score

63% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 8, 2007
Vulnerability Reserved
Jan 23, 2007