PT-2016-5905 · Hewlett Packard · Mchan.Dll+2
Published
2016-06-03
·
Updated
2017-11-03
·
CVE-2016-4359
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
HPE LoadRunner versions 11.52 through patch 3
HPE LoadRunner versions 12.00 through patch 1
HPE LoadRunner versions 12.01 through patch 3
HPE LoadRunner versions 12.02 through patch 2
HPE LoadRunner versions 12.50 through patch 3
HPE Performance Center versions 11.52 through patch 3
HPE Performance Center versions 12.00 through patch 1
HPE Performance Center versions 12.01 through patch 3
HPE Performance Center versions 12.20 through patch 2
HPE Performance Center versions 12.50 through patch 1
Description
The issue is a stack-based buffer overflow in mchan.dll, allowing remote attackers to execute arbitrary code via a long
server name value.Recommendations
For HPE LoadRunner versions 11.52 through patch 3, update to a version after patch 3.
For HPE LoadRunner versions 12.00 through patch 1, update to a version after patch 1.
For HPE LoadRunner versions 12.01 through patch 3, update to a version after patch 3.
For HPE LoadRunner versions 12.02 through patch 2, update to a version after patch 2.
For HPE LoadRunner versions 12.50 through patch 3, update to a version after patch 3.
For HPE Performance Center versions 11.52 through patch 3, update to a version after patch 3.
For HPE Performance Center versions 12.00 through patch 1, update to a version after patch 1.
For HPE Performance Center versions 12.01 through patch 3, update to a version after patch 3.
For HPE Performance Center versions 12.20 through patch 2, update to a version after patch 2.
For HPE Performance Center versions 12.50 through patch 1, update to a version after patch 1.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hp Loadrunner
Hpe Performance Center
Mchan.Dll