SAINT CorporationSAINT:40F46BC69165289487497F2E0B7E350FHP LoadRunner lrFileIOService ActiveX Control WriteFileBinary Input Validation Error
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.946 High
EPSS
Percentile
99.3%
Added: 08/29/2013
CVE: CVE-2013-2370
BID: 61441
OSVDB: 95640
Background
HP LoadRunner is a software performance testing solution. HP LoadRunner includes the **lrFileIOService** ActiveX control.
Problem
HP LoadRunner before 11.52 is vulnerable to remote code execution. The **lrFileIOService** ActiveX control exposes the **WriteFileBinary** method which accepts a parameter named data without validating the value. A remote attacker who persuades a vulnerable user to visit a malicious web page could execute arbitrary code in the context of the user.
Resolution
Upgrade to HP LoadRunner 11.52 or higher as indicated in HP Security Bulletin HPSBGN02905 SSRT101083.
References
<http://www.zerodayinitiative.com/advisories/ZDI-13-182/>
Limitations
This exploit was tested against HP LoadRunner 11.50 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
The user must open the exploit in Internet Explorer 8 or 9 on the target.
Platforms
Windows
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.946 High
EPSS
Percentile
99.3%