HP Mercury LoadRunner mchan.dll buffer overflow

2007-02-16T00:00:00
ID SAINT:39AAA570DA31F2514F7C740D830233CA
Type saint
Reporter SAINT Corporation
Modified 2007-02-16T00:00:00

Description

Added: 02/16/2007
CVE: CVE-2007-0446
BID: 22487
OSVDB: 33132

Background

HP Mercury LoadRunner is a load testing solution.

Problem

A buffer overflow in the **mchan.dll** library allows remote attackers to execute arbitrary commands by sending a packet with a long **server_ip_name** field to port 54345/TCP.

Resolution

Apply the fix referenced in the HP Security Bulletin.

References

<http://www.securityfocus.com/archive/1/459505>

Limitations

Exploit works on HP Mercury LoadRunner 8.1.

Platforms

Windows