Stack buffer overflow vulnerability in LoadRunner

  • KM01566261R
  • 11-May-2015
  • 21-May-2015

This document is under revision.


Attacker can connect to LG machine with LR Agent running, send malicious data, and potentially corrupt the LR Agent process memory, and execute malicious instructions.


Due to a potential stack overflow problem, an attacker can use the LR Agent to connect to a Load Generator machine and execute malicious instructions. The attacker can then use the Load Generator machine to perform dangerous operations.


The attached file “two_way_comm.dll” should be replaced in the following locations:
This should be done on all machines that LoadRunner is installed such as the Controller, Load Generator and MIListener.
Note: This fix has already been implemented on LoadRunner 12.00/Performance Center 12.00 and above, therefore this hotfix is relevant for LoadRunner 11.52/Performance Center 11.52 only.