A vulnerability has been reported in HP LoadRunner and HP Performance Center, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an unspecified error in magentproc.exe, which can be exploited to execute local commands with SYSTEM privileges by sending a specially crafted packet to port 54345/TCP.
The vulnerability is reported in the following products:
* HP LoadRunner Agent running on Windows, supplied with LoadRunner prior to v9.50.
* HP Performance Center Agent running on Windows, supplied with HP Performance Center prior to v9.50.
Solution: Update to version 9.50 and enable the "Secure Channel" feature.
Provided and/or discovered by: Tenable Network Security, reported via ZDI.
Original Advisory: HP (HPSBMA02201 SSRT071328):
HP (HPSBMA02528 SSRT100106):
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: HP Load Runner and Performance Center Agent Command Execution Vulnerability
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.