ID CVE-2007-0446
Summary Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8.0 and 8.1, and Monitor over Firewall 8.1 allows remote attackers to execute arbitrary code via a packet with a long server_ip_name field to TCP port 54345, which triggers the overflow in mchan.dll.
References
Vulnerable Configurations
  • cpe:2.3:a:hp:mercury_loadrunner_agent:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:hp:mercury_loadrunner_agent:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:mercury_loadrunner_agent:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:hp:mercury_loadrunner_agent:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:mercury_monitor_over_firewall:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:hp:mercury_monitor_over_firewall:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:mercury_performance_center_agent:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:hp:mercury_performance_center_agent:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:mercury_performance_center_agent:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:hp:mercury_performance_center_agent:8.1:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 16-10-2018 - 16:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 22487
bugtraq 20070208 ZDI-07-007: HP Mercury LoadRunner Agent Stack Overflow Vulnerability
cert-vn VU#303012
ciac R-123
hp
  • HPSBGN02187
  • SSRT061280
misc http://www.zerodayinitiative.com/advisories/ZDI-07-007.html
osvdb 33132
sectrack
  • 1017611
  • 1017612
  • 1017613
secunia 24112
vupen ADV-2007-0535
xf mercury-multiple-agent-bo(32390)
saint via4
bid 22487
description HP Mercury LoadRunner mchan.dll buffer overflow
id misc_mercuryloadrunnerbo
osvdb 33132
title hp_mercury_mchan
type remote
Last major update 16-10-2018 - 16:32
Published 08-02-2007 - 23:28
Last modified 16-10-2018 - 16:32
Back to Top