This document is under revision.
Summary
Attacker can connect to LG machine with LR Agent running, send malicious data, and potentially corrupt the LR Agent process memory, and execute malicious instructions.
Question
Due to a potential stack overflow problem, an attacker can use the LR Agent to connect to a Load Generator machine and execute malicious instructions. The attacker can then use the Load Generator machine to perform dangerous operations.
Answer
The attached file “two_way_comm.dll” should be replaced in the following locations:
%LOADRUNNER_INSTALL_DIRECTORY%\bin
%LOADRUNNER_INSTALL_DIRECTORY%\launch_service\bin
This should be done on all machines that LoadRunner is installed such as the Controller, Load Generator and MIListener.
Note: This fix has already been implemented on LoadRunner 12.00/Performance Center 12.00 and above, therefore this hotfix is relevant for LoadRunner 11.52/Performance Center 11.52 only.