HP LoadRunner 'magentservice.exe' Remote Stack Buffer Overflow Vulnerability
BID:51398
CVE-2011-4789 |Info
HP LoadRunner 'magentservice.exe' Remote Stack Buffer Overflow Vulnerability
| Bugtraq ID: | 51398 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2011-4789 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 12 2012 12:00AM |
| Updated: | Apr 08 2013 03:58PM |
| Credit: | AbdulAziz Hariri |
| Vulnerable: |
HP LoadRunner 11.0 |
| Not Vulnerable: |
HP LoadRunner 11.0 patch4 |
Discussion
HP LoadRunner 'magentservice.exe' Remote Stack Buffer Overflow Vulnerability
HP LoadRunner is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
Attackers can exploit this issue to execute arbitrary code within the context of the application. Failed attacks may cause a denial-of-service condition.
HP LoadRunner is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
Attackers can exploit this issue to execute arbitrary code within the context of the application. Failed attacks may cause a denial-of-service condition.
Exploit / POC
HP LoadRunner 'magentservice.exe' Remote Stack Buffer Overflow Vulnerability
The following exploit code is available:
The following exploit code is available:
Solution / Fix
HP LoadRunner 'magentservice.exe' Remote Stack Buffer Overflow Vulnerability
Solution:
Updates are available. Please see the referenced vendor advisory for more information.
Solution:
Updates are available. Please see the referenced vendor advisory for more information.
References
HP LoadRunner 'magentservice.exe' Remote Stack Buffer Overflow Vulnerability
References:
References:
- (0Day) HP Diagnostics Server magentservice.exe Remote Code Execution Vulnerabili (TippingPoint Zero Day Initiative)
- HP Homepage (HP)