Vulnerabilities > CVE-2015-5426 - Unspecified vulnerability in HP Loadrunner
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN hp
nessus
Summary
Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 13 |
Nessus
NASL family | Windows |
NASL id | HP_LOADRUNNER_HPSBMU03339.NASL |
description | The version of HP LoadRunner installed on the remote host is prior to 12.50. It is, therefore, affected by a local code execution vulnerability due to an overflow condition that is triggered when handling scenario files (.lrs). A local attacker can exploit this, via a specially crafted scenario file, to cause a stack-based buffer overflow, resulting in the execution of arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 85767 |
published | 2015-09-03 |
reporter | This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/85767 |
title | HP LoadRunner < 12.50 Scenario File Local Code Execution |
code |
|
References
- http://www.securitytracker.com/id/1033561
- http://www.securitytracker.com/id/1033561
- http://www.zerodayinitiative.com/advisories/ZDI-15-408
- http://www.zerodayinitiative.com/advisories/ZDI-15-408
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692147
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692147