PT-2007-1914 · Hewlett Packard · Hp Performance Center Agent and 2 other products

Eric Detoisien · Published 2007-02-08 · Updated 2018-10-16 · CVE-2007-0446

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Hewlett-Packard Mercury LoadRunner Agent versions 8.0 through 8.1
Hewlett-Packard Performance Center Agent versions 8.0 through 8.1
Hewlett-Packard Monitor over Firewall version 8.1

Description

The issue is a stack-based buffer overflow in magentproc.exe, triggered by a packet with a long server ip name field sent to TCP port 54345. This overflow occurs in the mchan.dll component and allows remote attackers to execute arbitrary code.

Recommendations

For Hewlett-Packard Mercury LoadRunner Agent versions 8.0 and 8.1, consider restricting access to TCP port 54345 until a patch is available.
For Hewlett-Packard Performance Center Agent versions 8.0 and 8.1, avoid using the server ip name field in packets sent to TCP port 54345 to minimize the risk of exploitation.
For Hewlett-Packard Monitor over Firewall version 8.1, as a temporary workaround, consider disabling the mchan.dll component until a patch is available.

Related Identifiers

CVE-2007-0446

Affected Products

Hp Mercury Loadrunner Agent
Hp Monitor Over Firewall
Hp Performance Center Agent