Self-Solve Knowledge Search

Minimize Maximize
Stack buffer overflow vulnerability in LoadRunner
Title :
Stack buffer overflow vulnerability in LoadRunner
Document ID :
KM01566261
Product - Version:
performance center 11.52 ; loadrunner 11.52 ;
OS :
Windows
Updated :
Thu May 21 09:08:06 GMT 2015
Summary :
Attacker can connect to LG machine with LR Agent running, send malicious data, and potentially corrupt the LR Agent process memory, and execute malicious instructions.

Due to a potential stack overflow problem, an attacker can use the LR Agent to connect to a Load Generator machine and execute malicious instructions. The attacker can then use the Load Generator machine to perform dangerous operations.

Solution
The attached file “two_way_comm.dll” should be replaced in the following locations:
%LOADRUNNER_INSTALL_DIRECTORY%\bin
%LOADRUNNER_INSTALL_DIRECTORY%\launch_service\bin
This should be done on all machines that LoadRunner is installed such as the Controller, Load Generator and MIListener.
 
Note: This fix has already been implemented on LoadRunner 12.00/Performance Center 12.00 and above, therefore this hotfix is relevant for LoadRunner 11.52/Performance Center 11.52 only.