HP Performance Center < 12.53 Patch 4 libxdrutil.dll mxdr_string() RCE
Critical Nessus Plugin ID 97889
SynopsisA software performance testing application installed on the remote Windows host is affected by a remote code execution vulnerability.
DescriptionThe version of HP Performance Center installed on the remote Windows host is prior to 12.53 Patch 4. It is, therefore, affected by a remote code execution vulnerability due to a heap-based buffer overflow condition in the mxdr_string() function in libxdrutil.dll. An unauthenticated, remote attacker can exploit this to execute arbitrary code.
SolutionUpgrade to HP Performance Center version 12.53 Patch 4 or later.