
Computer vulnerabilities of Micro Focus LoadRunner

vulnerability note CVE-2013-2368 CVE-2013-2369 CVE-2013-2370

HP LoadRunner: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of HP LoadRunner.
Impacted products: LoadRunner.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 8.
Creation date: 25/07/2013.
Identifiers: BID-61436, BID-61437, BID-61441, BID-61442, BID-61443, BID-61444, BID-61445, BID-61446, c03862772, CERTA-2013-AVI-441, CVE-2013-2368, CVE-2013-2369, CVE-2013-2370, CVE-2013-4797, CVE-2013-4798, CVE-2013-4799, CVE-2013-4800, CVE-2013-4801, HPSBGN02905, SSRT101074, SSRT101081, SSRT101082, SSRT101083, SSRT101084, SSRT101085, SSRT101114, SSRT101117, VIGILANCE-VUL-13164, ZDI-13-169, ZDI-13-182, ZDI-13-202, ZDI-13-203, ZDI-13-206, ZDI-13-207, ZDI-13-208, ZDI-13-209, ZDI-CAN-1669, ZDI-CAN-1670, ZDI-CAN-1671, ZDI-CAN-1690, ZDI-CAN-1705, ZDI-CAN-1734, ZDI-CAN-1735, ZDI-CAN-1736.

Description of the vulnerability

Several vulnerabilities were announced in HP LoadRunner.

An attacker can generate a buffer overflow in micWebAjax.dll, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-61436, CVE-2013-2368, SSRT101081, ZDI-13-202, ZDI-CAN-1669]

An attacker can generate a memory corruption in lrFileIOService, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-61437, CVE-2013-2369, SSRT101082, ZDI-13-203, ZDI-CAN-1670]

An attacker can generate a memory corruption in lrFileIOService, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-61441, CVE-2013-2370, SSRT101083, ZDI-13-182, ZDI-CAN-1671]

An attacker can generate a memory corruption in LrWebIEBrowserMgr.dll, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-61444, CVE-2013-4797, SSRT101084, ZDI-13-206, ZDI-CAN-1690]

An attacker can generate a memory corruption in lrFileIOService, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-61443, CVE-2013-4798, SSRT101074, ZDI-13-207, ZDI-CAN-1705]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-61442, CVE-2013-4799, SSRT101114, ZDI-13-208, ZDI-CAN-1734]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-61446, CVE-2013-4800, SSRT101117, ZDI-13-169, ZDI-CAN-1735]

An attacker can generate a memory corruption in lrLRIServices, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-61445, CVE-2013-4801, SSRT101085, ZDI-13-209, ZDI-CAN-1736]

vulnerability alert CVE-2011-4789

HP Diagnostics Server, LoadRunner: buffer overflow via magentservice.exe

Synthesis of the vulnerability

An unauthenticated attacker can send a malicious packet to HP Diagnostics Server or LoadRunner, in order to generate a buffer overflow, leading to a denial of service or to code execution.
Impacted products: HP Diagnostics, LoadRunner.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: intranet client.
Creation date: 13/01/2012.
Identifiers: BID-51398, c03216705, CVE-2011-4789, HPSBMU02785, SSRT100526, VIGILANCE-VUL-11281, ZDI-12-016.

Description of the vulnerability

The magentservice.exe service of HP Diagnostics Server listens on port 23472.

This service parses messages received on that port: the first 32 bits indicate a size, which is decremented by one before being used to copy the remaining data. For example, if the packet starts with 0x00000000, the service tries to copy 0xFFFFFFFF bytes, which corrupts memory.

An unauthenticated attacker can therefore send a malicious packet to HP Diagnostics Server, in order to generate a buffer overflow, leading to a denial of service or to code execution.

This vulnerability also impacts HP LoadRunner.
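
The size handling described above, shown as an added example (this is not HP's code and does not come from the bulletin): the unchecked subtraction next to a parser that validates the field before using it. Big-endian byte order, the MAX_BODY limit, the function names and the sample frames are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_BODY 4096u  /* assumed protocol limit, not from the bulletin */

/* Read the 32-bit size field; big-endian byte order is an assumption. */
static uint32_t read_size(const uint8_t *pkt)
{
    return ((uint32_t)pkt[0] << 24) | ((uint32_t)pkt[1] << 16) |
           ((uint32_t)pkt[2] << 8) | (uint32_t)pkt[3];
}

/* Arithmetic as the bulletin describes it: size - 1 with no prior check.
 * Returns the length a copy would be given; nothing is copied here. */
uint32_t flawed_copy_len(const uint8_t *pkt)
{
    return read_size(pkt) - 1u;          /* a size of 0 wraps to 0xFFFFFFFF */
}

/* Hardened form: validate before any arithmetic or copy.
 * Returns bytes copied into dst, or -1 when the frame is rejected. */
long parse_frame(const uint8_t *pkt, size_t pkt_len, uint8_t *dst, size_t dst_cap)
{
    if (pkt_len < 4) return -1;          /* incomplete header */
    uint32_t size = read_size(pkt);
    if (size == 0) return -1;            /* size - 1 would wrap */
    uint32_t body = size - 1u;
    if (body > MAX_BODY || body > dst_cap) return -1;  /* exceeds destination */
    if (body > pkt_len - 4) return -1;   /* claims more than was received */
    memcpy(dst, pkt + 4, body);
    return (long)body;
}

/* Constructed sample frames, not captured traffic. */
const uint8_t FRAME_ZERO[4]  = { 0x00, 0x00, 0x00, 0x00 };
const uint8_t FRAME_OK[7]    = { 0x00, 0x00, 0x00, 0x04, 'a', 'b', 'c' };
const uint8_t FRAME_SHORT[6] = { 0x00, 0x00, 0x00, 0x09, 'a', 'b' };

int main(void)
{
    uint8_t out[16];
    /* exit status 0 when the zero-size frame is rejected and the valid one parses */
    return (parse_frame(FRAME_ZERO, sizeof FRAME_ZERO, out, sizeof out) == -1 &&
            parse_frame(FRAME_OK, sizeof FRAME_OK, out, sizeof out) == 3) ? 0 : 1;
}
```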

vulnerability alert CVE-2011-2328

HP LoadRunner: buffer overflow via Virtual User

Synthesis of the vulnerability

An attacker can create a malicious Virtual User file, in order to create a buffer overflow in HP LoadRunner, and to execute code.
Impacted products: LoadRunner.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 07/06/2011.
Identifiers: BID-48073, c03216705, CVE-2011-2328, HPSBMU02785, SSRT100526, VIGILANCE-VUL-10721, VU#987308.

Description of the vulnerability

The HP LoadRunner product simulates users (Virtual User) in order to test an application under load.

Virtual Users are defined in a file with the ".usr" extension. The Vuser User Generator (VuGen.exe) application is called to open ".usr" files. However, when directives in a ".usr" file are too long, a buffer overflow occurs in VuGen.exe.

An attacker can therefore create a malicious Virtual User file, in order to create a buffer overflow in HP LoadRunner, and to execute code.

computer vulnerability alert CVE-2011-0272

HP LoadRunner, Performance Center: code execution

Synthesis of the vulnerability

An attacker can generate a buffer overflow in the magentproc.exe process, in order to execute code with SYSTEM privileges.
Impacted products: LoadRunner, Performance Center.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 25/01/2011.
Identifiers: BID-45792, c02680678, CERTA-2011-AVI-019, CVE-2011-0272, HPSBMA02624, SSRT100195, VIGILANCE-VUL-10296, ZDI-11-015.

Description of the vulnerability

The HP LoadRunner and HP Performance Center products install the magentproc.exe process. It listens on ports 5001/tcp and 5002/tcp, when HttpTunnel is enabled.

However, the process does not check the allocation size requested by the client. A malicious client can thus request a short memory area, in order to create an overflow.

An attacker can therefore generate a buffer overflow in the magentproc.exe process, in order to execute code with SYSTEM privileges.