{"vuid":"VU#987308","idnumber":"987308","name":"HP LoadRunner buffer overflow vulnerability","keywords":["HP","LoadRunner","buffer overflow","arbitrary code execution"],"overview":"HP LoadRunner contains a buffer overflow vulnerability when parsing Virtual User script files.","clean_desc":"According to HP's website: HP LoadRunner software is the industry standard for performance validation. It allows you to prevent application performance problems by detecting bottlenecks before a new system or upgrade is deployed. HP LoadRunner contains a buffer overflow vulnerability when parsing Virtual User script (.usr) files containing long strings for directives, causing the HP LoadRunner application to crash.","impact":"An attacker could exploit the vulnerability by tricking a user into opening a crafted .usr file, causing HP LoadRunner to crash and possibly leading to execution of arbitrary code.","resolution":"HP has stated they are planning to release a patch to address this vulnerability. As of this writing, the patch has not been released.","workarounds":"","sysaffected":"","thanks":"Thanks to Jeremy Brown for reporting this vulnerability.","author":"This document was written by Michael 
Orlando.","public":["h","t","t","p","s",":","/","/","h","1","0","0","7","8",".","w","w","w","1",".","h","p",".","c","o","m","/","c","d","a","/","h","p","m","s","/","d","i","s","p","l","a","y","/","m","a","i","n","/","h","p","m","s","_","c","o","n","t","e","n","t",".","j","s","p","?","z","n","=","b","t","o","&","c","p","=","1","-","1","1","-","1","2","6","-","1","7","^","8","_","4","0","0","0","_","1","0","0","_","_"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2010-12-06T20:49:23Z","publicdate":"2011-05-31T00:00:00Z","datefirstpublished":"2011-05-31T18:11:54Z","dateupdated":"2011-05-31T18:11:55Z","revision":11,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"1","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"15","cam_impact":"10","cam_easeofexploitation":"3","cam_attackeraccessrequired":"10","cam_scorecurrent":"0.3375","cam_scorecurrentwidelyknown":"1.940625","cam_scorecurrentwidelyknownexploited":"3.628125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.3375,"vulnote":null}