HP LoadRunner < 12.50 Scenario File Local Code Execution

Medium Nessus Plugin ID 85767


The remote Windows host has an application installed that is affected by a local code execution vulnerability.


The version of HP LoadRunner installed on the remote host is prior to 12.50. It is, therefore, affected by a local code execution vulnerability due to an overflow condition that is triggered when handling scenario files (.lrs). A local attacker can exploit this, via a specially crafted scenario file, to cause a stack-based buffer overflow, resulting in the execution of arbitrary code.


Upgrade to HP LoadRunner 12.50 or later.

See Also


Plugin Details

Severity: Medium

ID: 85767

File Name: hp_loadrunner_HPSBMU03339.nasl

Version: $Revision: 1.7 $

Type: local

Agent: windows

Family: Windows

Published: 2015/09/03

Modified: 2016/05/11

Dependencies: 59717

Risk Information

Risk Factor: Medium


Base Score: 4.4

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:loadrunner

Required KB Items: installed_sw/HP LoadRunner

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/09/01

Vulnerability Publication Date: 2015/09/01

Exploitable With

Core Impact

Reference Information

CVE: CVE-2015-5426

OSVDB: 126906

HP: HPSBMU03339, SSRT102014, emr_na-c04692147