HP LoadRunner < 12.50 Scenario File Local Code Execution
Medium Nessus Plugin ID 85767
SynopsisThe remote Windows host has an application installed that is affected by a local code execution vulnerability.
DescriptionThe version of HP LoadRunner installed on the remote host is prior to 12.50. It is, therefore, affected by a local code execution vulnerability due to an overflow condition that is triggered when handling scenario files (.lrs). A local attacker can exploit this, via a specially crafted scenario file, to cause a stack-based buffer overflow, resulting in the execution of arbitrary code.
SolutionUpgrade to HP LoadRunner 12.50 or later.