HP LoadRunner lrFileIOService ActiveX Control WriteFileBinary Input Validation Error

Added: 08/29/2013
CVE: CVE-2013-2370
BID: 61441
OSVDB: 95640

Background

HP LoadRunner is a software performance testing solution. HP LoadRunner includes the lrFileIOService ActiveX control.

Problem

HP LoadRunner before 11.52 is vulnerable to remote code execution. The lrFileIOService ActiveX control exposes the WriteFileBinary method which accepts a parameter named data without validating the value. A remote attacker who persuades a vulnerable user to visit a malicious web page could execute arbitrary code in the context of the user.

Resolution

Upgrade to HP LoadRunner 11.52 or higher as indicated in HP Security Bulletin HPSBGN02905 SSRT101083.

References

http://www.zerodayinitiative.com/advisories/ZDI-13-182/

Limitations

This exploit was tested against HP LoadRunner 11.50 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The user must open the exploit in Internet Explorer 8 or 9 on the target.

Platforms

Windows

Back to exploit index