CVE-2007-0446

2007-02-0823:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-0446

buffer overflow

magentproc.exe

remote code execution

tcp port 54345

nvd

security vulnerability

hp performance center agent

7.9 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.774 High

EPSS

Percentile

98.2%

JSON

Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8.0 and 8.1, and Monitor over Firewall 8.1 allows remote attackers to execute arbitrary code via a packet with a long server_ip_name field to TCP port 54345, which triggers the overflow in mchan.dll.

CPENameOperatorVersion
hp:mercury_monitor_over_firewallhp mercury monitor over firewalleq8.1
hp:mercury_loadrunner_agenthp mercury loadrunner agenteq8.1
hp:mercury_performance_center_agenthp mercury performance center agenteq8.1
hp:mercury_performance_center_agenthp mercury performance center agenteq8.0
hp:mercury_loadrunner_agenthp mercury loadrunner agenteq8.0

CPE	Name	Operator	Version
hp:mercury_monitor_over_firewall	hp mercury monitor over firewall	eq	8.1
hp:mercury_loadrunner_agent	hp mercury loadrunner agent	eq	8.1
hp:mercury_performance_center_agent	hp mercury performance center agent	eq	8.1
hp:mercury_performance_center_agent	hp mercury performance center agent	eq	8.0
hp:mercury_loadrunner_agent	hp mercury loadrunner agent	eq	8.0