HP LoadRunner Agent 'magnetproc.exe' Remote Code Execution Vulnerability

Bugtraq ID:	39965
Class:	Input Validation Error
CVE:	CVE-2010-1549
Remote:	Yes
Local:	No
Published:	May 06 2010 12:00AM
Updated:	May 11 2010 04:02PM
Credit:	Tenable Network Security and TippingPoints Zero Day Initiative
Vulnerable:	HP Performance Center Agent 8.1 FP1 HP Performance Center Agent 0 HP Mercury Performance Center Agent 8.1 FP4 HP Mercury Performance Center Agent 8.1 FP3 HP Mercury Performance Center Agent 8.1 FP2 HP Mercury Performance Center Agent 8.1 FP1 HP Mercury Performance Center Agent 8.1 HP Mercury Performance Center Agent 8.0 HP Mercury LoadRunner Agent 9.5
Not Vulnerable:

HP LoadRunner Agent 'magnetproc.exe' Remote Code Execution Vulnerability

HP LoadRunner Agent is prone to an unspecified remote code-execution vulnerability.

A remote attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of affected computers.

HP LoadRunner Agent 9.50 is vulnerable; other versions may also be affected.

HP LoadRunner Agent 'magnetproc.exe' Remote Code Execution Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

HP LoadRunner Agent 'magnetproc.exe' Remote Code Execution Vulnerability

Solution:
Updates are available; please see the references for more information.

HP LoadRunner Agent 'magnetproc.exe' Remote Code Execution Vulnerability

References:

• HP Homepage (HP)
  
• ZDI-10-080: HP Mercury LoadRunner Agent Trusted Input Remote Code Execution Vuln (Zero Day Initiative)