Vulnerability Note VU#987308
HP LoadRunner buffer overflow vulnerability
HP LoadRunner contains a buffer overflow vulnerability when parsing Virtual User script files.
According to HP's website: HP LoadRunner software is the industry standard for performance validation. It allows you to prevent application performance problems by detecting bottlenecks before a new system or upgrade is deployed. HP LoadRunner contains a buffer overflow vulnerability when parsing Virtual User script (.usr) files containing long strings for directives, causing the HP LoadRunner application to crash.
An attacker could exploit the vulnerability by tricking a user into opening a crafted .usr file, causing HP LoadRunner to crash leading to possible execution of arbitrary code.
HP has stated they are planning to release a patch to address this vulnerability. As of this writing the patch has not been released.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Hewlett-Packard Company||Affected||08 Dec 2010||23 May 2011|
CVSS Metrics (Learn More)
Thanks to Jeremy Brown for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: Unknown
- Date Public: 31 May 2011
- Date First Published: 31 May 2011
- Date Last Updated: 31 May 2011
- Severity Metric: 0.34
- Document Revision: 11
If you have feedback, comments, or additional information about this vulnerability, please send us email.