HP Mercury LoadRunner mchan.dll buffer overflow

Added: 02/16/2007
CVE: CVE-2007-0446
BID: 22487
OSVDB: 33132

Background

HP Mercury LoadRunner is a load testing solution.

Problem

A buffer overflow in the mchan.dll library allows remote attackers to execute arbitrary commands by sending a packet with a long server_ip_name field to port 54345/TCP.

Resolution

Apply the fix referenced in the HP Security Bulletin.

References

http://www.securityfocus.com/archive/1/459505

Limitations

Exploit works on HP Mercury LoadRunner 8.1.

Platforms

Windows

Back to exploit index