Mercury LoadRunner Agent server_ip_name Field Remote Buffer Overflow

critical Nessus Plugin ID 24327


The remote server is affected by a buffer overflow vulnerability.


The version of the LoadRunner Agent installed on the remote host contains a buffer overflow in 'mchan.dll' that can be exploited by an unauthenticated, remote attacker using a request with a long 'server_ip_name' field to crash the affected service or execute arbitrary code subject to the permissions of the user id under which the agent runs.


HP no longer supports version 8.x of this product and patches may no longer be available. HP recommends all users upgrade to latest available version of 9.x.

See Also

Plugin Details

Severity: Critical

ID: 24327

File Name: loadrunner_agent_server_ip_name_overflow.nasl

Version: 1.20

Type: remote

Published: 2/13/2007

Updated: 11/15/2018

Risk Information


Risk Factor: High

Score: 7.4


Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:hp:loadrunner

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2/8/2007

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2007-0446

BID: 22487