The version of HP LoadRunner running on the remote host is affected by a remote code execution vulnerability due to a failure to validate the length of data before copying it into a fixed-size buffer when handling connections using SSL. A remote, unauthenticated attacker can exploit this, via a specially crafted request, to cause a stack-based buffer overflow, resulting in the execution of arbitrary code with SYSTEM privileges.
Binary data hp_loadrunner_cve-2013-4800.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
hp | loadrunner | cpe:/a:hp:loadrunner | |
hp | mercury_loadrunner_agent | cpe:/a:hp:mercury_loadrunner_agent |