HP LoadRunner < 11.52 SSL Connection Handling Stack Buffer Overflow RCE
Severity: High
Nessus Plugin ID: 69424

Synopsis: The remote host has a software performance testing application running that is affected by a remote code execution vulnerability.

Description: The version of HP LoadRunner running on the remote host is affected by a remote code execution vulnerability due to a failure to validate the length of data before copying it into a fixed-size buffer when handling connections using SSL. A remote, unauthenticated attacker can exploit this, via a specially crafted request, to cause a stack-based buffer overflow, resulting in the execution of arbitrary code with SYSTEM privileges.

Solution: Upgrade to HP LoadRunner 11.52 or later.