CVE-2011-4789

HP Diagnostics - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4 allows remote attackers to execute arbitrary code via a crafted size value in a packet. NOTE: it was originally reported that the affected product is HP Diagnostics Server, but HP states that "the vulnerable product is actually HP LoadRunner."

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/18423

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by AbdulAziz Hariri, hal · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/hp_magentservice.rb

View Code ZIP pw:eip

References (4)

[Various Sources] http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03216705

[Third Party Advisory] http://zerodayinitiative.com/advisories/ZDI-12-016/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/51398

[Third Party Advisory, VDB Entry] http://osvdb.org/78309

Scores

EPSS 0.7854

EPSS Percentile 99.0%

Details

CWE

CWE-119

Status published

Products (1)

hp/diagnostics

Published Jan 13, 2012

Tracked Since Feb 18, 2026