
HP LoadRunner USR File Directive Parsing Buffer Overflow Vulnerability

ID:IRCAD2011061238
Release Date: 2011-06-09
Criticality level: Highly critical
Software:
HP LoadRunner 11.x
HP LoadRunner 9.x
Description:
A vulnerability has been reported in HP LoadRunner, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by a boundary error when parsing directives within a Virtual User Script (USR) file. It can be exploited to cause a buffer overflow, e.g. by tricking a user into opening a USR file with overly long directive strings.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions 11.0 and 9.50. Other versions may also be affected.
Solution:
Do not open untrusted USR files. Reportedly, the vendor will fix this in an upcoming version.
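As an added example (not part of the advisory and not HP's code), the following Python script screens USR files for overly long directive strings before they are opened. It assumes USR files are line-oriented text with `[section]` headers and `name=value` directives; the 256-byte threshold, the function names and the sample contents are constructed for illustration, since the advisory does not state the buffer size.

```python
import sys

MAX_DIRECTIVE_LEN = 256  # assumed screening threshold, not the real buffer size

# Constructed samples (not taken from a real script or from the advisory).
SAMPLE_OK = b"[General]\r\nType=Multi\r\n[Actions]\r\nvuser_init=vuser_init.c\r\n"
SAMPLE_LONG = SAMPLE_OK + b"ExampleKey=" + b"A" * 4096 + b"\r\n"


def scan_usr(data: bytes, limit: int = MAX_DIRECTIVE_LEN):
    """Return (line_no, section, field, length) for every oversized token."""
    findings = []
    section = "(none)"
    for line_no, raw in enumerate(data.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        # Well-formed section header: check its name, then track it for context.
        if line.startswith(b"[") and line.endswith(b"]"):
            name = line[1:-1]
            if len(name) > limit:
                findings.append((line_no, section, "section", len(name)))
            section = name[:40].decode("latin-1")
            continue
        # Everything else is treated as name=value; comments and malformed
        # lines are measured too, since the parser's handling of them is unknown.
        name, sep, value = line.partition(b"=")
        if len(name.strip()) > limit:
            findings.append((line_no, section, "name", len(name.strip())))
        if sep and len(value.strip()) > limit:
            findings.append((line_no, section, "value", len(value.strip())))
    return findings


def main(paths):
    """Scan each file given on the command line; return 1 if anything is flagged."""
    flagged = False
    for path in paths:
        with open(path, "rb") as fh:
            for line_no, section, field, length in scan_usr(fh.read()):
                flagged = True
                print(f"{path}:{line_no}: [{section}] {field} is {length} bytes")
    return 1 if flagged else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

A clean result only means no token exceeded the chosen threshold, so it is a triage aid for files from outside sources rather than a replacement for the vendor fix.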
References:
US-CERT VU#987308:
Secunia:
http://secunia.com/advisories/44809/
