CVE-2016-4359

Name of the Vulnerable Software and Affected Versions HPE LoadRunner versions 11.52 through patch 3 HPE LoadRunner versions 12.00 through patch 1 HPE LoadRunner versions 12.01 through patch 3 HPE LoadRunner versions 12.02 through patch 2 HPE LoadRunner versions 12.50 through patch 3 HPE Performance Center versions 11.52 through patch 3 HPE Performance Center versions 12.00 through patch 1 HPE Performance Center versions 12.01 through patch 3 HPE Performance Center versions 12.20 through patch 2 HPE Performance Center versions 12.50 through patch 1

Description The issue is a stack-based buffer overflow in mchan.dll, allowing remote attackers to execute arbitrary code via a long server name value.

Recommendations For HPE LoadRunner versions 11.52 through patch 3, update to a version after patch 3. For HPE LoadRunner versions 12.00 through patch 1, update to a version after patch 1. For HPE LoadRunner versions 12.01 through patch 3, update to a version after patch 3. For HPE LoadRunner versions 12.02 through patch 2, update to a version after patch 2. For HPE LoadRunner versions 12.50 through patch 3, update to a version after patch 3. For HPE Performance Center versions 11.52 through patch 3, update to a version after patch 3. For HPE Performance Center versions 12.00 through patch 1, update to a version after patch 1. For HPE Performance Center versions 12.01 through patch 3, update to a version after patch 3. For HPE Performance Center versions 12.20 through patch 2, update to a version after patch 2. For HPE Performance Center versions 12.50 through patch 1, update to a version after patch 1.