Stack buffer overflow vulnerability in LoadRunner

  • KM01566261
  • 11-May-2015
  • 21-May-2015


Attacker can connect to LG machine with LR Agent running, send malicious data, and potentially corrupt the LR Agent process memory, and execute malicious instructions.


Due to a potential stack overflow problem, an attacker can use the LR Agent to connect to a Load Generator machine and execute malicious instructions. The attacker can then use the Load Generator machine to perform dangerous operations.


The attached file “two_way_comm.dll” should be replaced in the following locations:
This should be done on all machines that LoadRunner is installed such as the Controller, Load Generator and MIListener.
Note: This fix has already been implemented on LoadRunner 12.00/Performance Center 12.00 and above, therefore this hotfix is relevant for LoadRunner 11.52/Performance Center 11.52 only.