The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of MicroFocus Diagnostics

vulnerability bulletin CVE-2012-3278

HP Diagnostics: code execution via magentservice.exe

Synthesis of the vulnerability

A network attacker can generate a buffer overflow in the HP Diagnostics magentservice.exe service, in order to execute code with system privileges.
Impacted products: HP Diagnostics.
Severity: 3/4.
Creation date: 23/08/2012.
Revision date: 23/01/2013.
Identifiers: BID-55159, c03645497, CVE-2012-3278, HPSBMU02841, SSRT100724, VIGILANCE-VUL-11883, ZDI-12-162, ZDI-CAN-1287.

Description of the vulnerability

The HP Diagnostics service uses the magentservice.exe process, which listens on port 23472 by default.

A network attacker can generate a buffer overflow in the HP Diagnostics magentservice.exe service, in order to execute code with system privileges.

Technical details are unknown.

vulnerability alert CVE-2011-4789

HP Diagnostics Server, LoadRunner: buffer overflow via magentservice.exe

Synthesis of the vulnerability

An unauthenticated attacker can send a malicious packet to HP Diagnostics Server or LoadRunner, in order to generate a buffer overflow, leading to a denial of service or to code execution.
Impacted products: HP Diagnostics, LoadRunner.
Severity: 3/4.
Creation date: 13/01/2012.
Identifiers: BID-51398, c03216705, CVE-2011-4789, HPSBMU02785, SSRT100526, VIGILANCE-VUL-11281, ZDI-12-016.

Description of the vulnerability

The magentservice.exe service of HP Diagnostics Server listens on port 23472.

This service parses messages received on the port: the first 32 bits indicate a size, which is decremented by one before being used to copy the remaining data. For example, if the packet starts with 0x00000000, the service tries to copy 0xFFFFFFFF bytes, which corrupts the memory.

An unauthenticated attacker can therefore send a malicious packet to HP Diagnostics Server, in order to generate a buffer overflow, leading to a denial of service or to code execution.

This vulnerability also impacts HP LoadRunner.
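
The size arithmetic described above, as an added C example (not HP's code and not part of the bulletin): the unchecked decrement next to a parser that rejects the wrapping case. Big-endian byte order, the MAX_BODY limit and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_BODY 4096u  /* assumed application limit, not from the bulletin */

/* Read the 32-bit size prefix (byte order assumed big-endian). */
static uint32_t read_prefix(const uint8_t *pkt) {
    return ((uint32_t)pkt[0] << 24) | ((uint32_t)pkt[1] << 16) |
           ((uint32_t)pkt[2] << 8)  |  (uint32_t)pkt[3];
}

/* The flawed arithmetic from the description: size - 1 with no check.
 * Returns the length that would be handed to the copy routine. */
uint32_t unchecked_copy_len(const uint8_t *pkt) {
    return read_prefix(pkt) - 1u;  /* a prefix of 0 wraps to 0xFFFFFFFF */
}

/* Hardened parse: returns bytes copied into dst, or -1 if rejected. */
long checked_copy(const uint8_t *pkt, size_t pkt_len,
                  uint8_t *dst, size_t dst_cap) {
    if (pkt_len < 4) return -1;                  /* no complete prefix */
    uint32_t size = read_prefix(pkt);
    if (size == 0) return -1;                    /* size - 1 would wrap */
    uint32_t n = size - 1u;
    if (n > MAX_BODY || n > dst_cap) return -1;  /* larger than destination */
    if (n > pkt_len - 4) return -1;              /* more than was received */
    memcpy(dst, pkt + 4, n);
    return (long)n;
}

int main(void) {
    const uint8_t zero[4] = {0, 0, 0, 0};        /* constructed sample input */
    uint8_t dst[16];
    printf("unchecked length: 0x%08X\n", (unsigned)unchecked_copy_len(zero));
    printf("checked result:   %ld\n",
           checked_copy(zero, sizeof zero, dst, sizeof dst));
    return 0;
}
```

The checked parser validates the prefix against both the destination capacity and the number of bytes actually received, so a length field alone never decides how much is copied.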

computer vulnerability alert CVE-2011-0892

HP Diagnostics: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in HP Diagnostics.
Impacted products: HP Diagnostics.
Severity: 2/4.
Creation date: 28/03/2011.
Identifiers: BID-47052, c02770512, CVE-2011-0892, HPSBMA02649, SSRT100430, VIGILANCE-VUL-10496.

Description of the vulnerability

HP announced that an attacker can trigger a Cross Site Scripting in HP Diagnostics.

Technical details are unknown.