Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:F7FBD6D7655FEE2A04EB984739FB6A73
HistoryFeb 16, 2007 - 12:00 a.m.

HP Mercury LoadRunner mchan.dll buffer overflow

2007-02-1600:00:00
SAINT Corporation
download.saintcorporation.com
11

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.774 High

EPSS

Percentile

97.9%

JSON

Added: 02/16/2007
CVE: CVE-2007-0446
BID: 22487
OSVDB: 33132

Background

HP Mercury LoadRunner is a load testing solution.

Problem

A buffer overflow in the **mchan.dll** library allows remote attackers to execute arbitrary commands by sending a packet with a long **server_ip_name** field to port 54345/TCP.

Resolution

Apply the fix referenced in the HP Security Bulletin.

References

<http://www.securityfocus.com/archive/1/459505&gt;

Limitations

Exploit works on HP Mercury LoadRunner 8.1.

Platforms

Windows

Related

saint 3
zdi 1
prion 1
cert 1
cve 1
d2 1
checkpoint_advisories 1
securityvulns 2
nessus 1
saint
saint
HP Mercury LoadRunner mchan.dll buffer overflow
2007-02-16 00:00:00
HP Mercury LoadRunner mchan.dll buffer overflow
2007-02-16 00:00:00
HP Mercury LoadRunner mchan.dll buffer overflow
2007-02-16 00:00:00
zdi
zdi
Hewlett-Packard Mercury LoadRunner Agent Stack Overflow Vulnerability
2007-02-08 00:00:00
prion
prion
Stack overflow
2007-02-08 23:28:00
cert
cert
HP Mercury products vulnerable to buffer overflow
2007-02-26 00:00:00
cve
cve
CVE-2007-0446
2007-02-08 23:28:00
d2
d2
DSquare Exploit Pack: D2SEC_MERCURY_LR
2007-02-08 23:28:00
checkpoint_advisories
checkpoint_advisories
HP Mercury Multiple Products Agent Command Processing Buffer Overflow (CVE-2007-0446)
2009-11-29 00:00:00
securityvulns
securityvulns
ZDI-07-007: HP Mercury LoadRunner Agent Stack Overflow Vulnerability
2007-02-09 00:00:00
HP Mercury LoadRunner Agent buffer overflow
2007-02-09 00:00:00
nessus
nessus
Mercury LoadRunner Agent server_ip_name Field Remote Buffer Overflow
2007-02-13 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.774 High

EPSS

Percentile

97.9%

JSON
Related for SAINT:F7FBD6D7655FEE2A04EB984739FB6A73
saint3zdi1prion1cert1cve1d21checkpoint_advisories1securityvulns2nessus1