Buffer Overflow Vulnerability in HP LoadRunner from HP
CVE-2011-4789

Currently unrated

Key Information:

Vendor: HP
Status: Diagnostics
Vendor: CVE Published:; 13 January 2012

Summary

A buffer overflow vulnerability exists in the magentservice.exe component of the HP LoadRunner server. This flaw enables remote attackers to execute arbitrary code by sending a specially crafted packet containing a maliciously manipulated size value. Although initially reported as affecting HP Diagnostics Server, HP clarified that the vulnerability is specific to HP LoadRunner prior to patch 4. Organizations using affected versions should apply the necessary patches to safeguard against potential exploits.

References

http://osvdb.org/78309

vdb-entryx_refsource_OSVDB

http://zerodayinitiative.com/advisories/ZDI-12-016/

x_refsource_MISC

http://www.securityfocus.com/bid/51398

vdb-entryx_refsource_BID

EPSS Score

77% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 13, 2012
Vulnerability Reserved
Dec 13, 2011