HP LoadRunner contains a buffer overflow vulnerability when parsing Virtual User script files.
According to HP's website: HP LoadRunner software is the industry standard for performance validation. It allows you to prevent application performance problems by detecting bottlenecks before a new system or upgrade is deployed.
HP LoadRunner contains a buffer overflow vulnerability when parsing Virtual User script (.usr) files containing long strings for directives, causing the HP LoadRunner application to crash.
An attacker could exploit the vulnerability by tricking a user into opening a crafted .usr file, causing HP LoadRunner to crash and possibly leading to execution of arbitrary code.
HP has stated they are planning to release a patch to address this vulnerability. As of this writing the patch has not been released.
Thanks to Jeremy Brown for reporting this vulnerability.
This document was written by Michael Orlando.
|Date First Published:|2011-05-31|
|Date Last Updated:|2011-05-31 18:11 UTC|