CVE-2016-4359

Sažetak

Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516.

Reference

http://www.securityfocus.com/bid/90975
http://www.securitytracker.com/id/1036006
http://www.zerodayinitiative.com/advisories/ZDI-16-363
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423
https://www.tenable.com/security/research/tra-2016-16

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

03-11-2017 - 01:29

Objavljeno

08-06-2016 - 14:59