Multiple Mercury Products Magnetproc.EXE Buffer Overflow Vulnerability
BID:22487
Info
Multiple Mercury Products Magnetproc.EXE Buffer Overflow Vulnerability
| Bugtraq ID: | 22487 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-0446 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 08 2007 12:00AM |
| Updated: | Feb 26 2007 11:06PM |
| Credit: | Eric DETOISIEN is credited with the discovery of this vulnerability. |
| Vulnerable: |
HP Mercury Performance Center Agent 8.1 FP4 HP Mercury Performance Center Agent 8.1 FP3 HP Mercury Performance Center Agent 8.1 FP2 HP Mercury Performance Center Agent 8.1 FP1 HP Mercury Performance Center Agent 8.1 HP Mercury Performance Center Agent 8.0 HP Mercury Monitor over Firewall 8.1 HP Mercury LoadRunner Agent 8.1 SP1 HP Mercury LoadRunner Agent 8.1 GA HP Mercury LoadRunner Agent 8.1 FP4 HP Mercury LoadRunner Agent 8.1 FP3 HP Mercury LoadRunner Agent 8.1 FP2 HP Mercury LoadRunner Agent 8.1 FP1 HP Mercury LoadRunner Agent 8.0 GA HP HP-UX 11.11 |
| Not Vulnerable: | |
Discussion
Multiple Mercury Products Magnetproc.EXE Buffer Overflow Vulnerability
Multiple Mercury products are prone to a stack-based buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code wtih the privileges of the currently logged-in user. Failed exploit attempts will result in a denial of service.
Multiple Mercury products are prone to a stack-based buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code wtih the privileges of the currently logged-in user. Failed exploit attempts will result in a denial of service.
Exploit / POC
Multiple Mercury Products Magnetproc.EXE Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Multiple Mercury Products Magnetproc.EXE Buffer Overflow Vulnerability
Solution:
The vendor released an update to address this issue. Please see the references for more information.
Solution:
The vendor released an update to address this issue. Please see the references for more information.
References
Multiple Mercury Products Magnetproc.EXE Buffer Overflow Vulnerability
References:
References: