Summary
Attacker can connect to LG machine with LR Agent running, send malicious data, and potentially corrupt the LR Agent process memory, and execute malicious instructions.
Question
Due to a potential stack overflow problem, an attacker can use the LR Agent to connect to a Load Generator machine and execute malicious instructions. The attacker can then use the Load Generator machine to perform dangerous operations.
Answer
The attached file “two_way_comm.dll” should be replaced in the following locations:
%LOADRUNNER_INSTALL_DIRECTORY%\bin
%LOADRUNNER_INSTALL_DIRECTORY%\launch_service\bin
This should be done on all machines that LoadRunner is installed such as the Controller, Load Generator and MIListener.
Note: This fix has already been implemented on LoadRunner 12.00/Performance Center 12.00 and above, therefore this hotfix is relevant for LoadRunner 11.52/Performance Center 11.52 only.