HP LoadRunner lrFileIOService ActiveX WriteFileString Method Traversal Vulnerability

2013-10-17T00:00:00
ID SAINT:436AA01206D9FAAC38E3BDD8660F94C5
Type saint
Reporter SAINT Corporation
Modified 2013-10-17T00:00:00

Description

Added: 10/17/2013
CVE: CVE-2013-4798
BID: 61443
OSVDB: 95642

Background

HP LoadRunner is a software performance testing solution. HP LoadRunner includes the **lrFileIOService** ActiveX control.

Problem

HP LoadRunner before 11.52 is vulnerable to remote code execution. The **lrFileIOService** ActiveX control exposes the **WriteFileString** method, which does not properly sanitize user-supplied input. A remote attacker who persuades a user to open a crafted web page containing directory traversal sequences (e.g. '../../') can write a file to an arbitrary location, possibly resulting in code execution.
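The kind of containment check a file-writing method needs before it uses a caller-supplied name, as an added example (not HP's code and not the vendor fix). `BASE_DIR`, `resolve_write_path` and `is_rejected` are hypothetical names, and Python's `ntpath` is used so that Windows path rules apply on any OS.

```python
import ntpath  # Windows path rules, usable on any OS

# Hypothetical directory the caller is allowed to write under (assumption).
BASE_DIR = r"C:\LoadRunnerData\output"

def resolve_write_path(user_name, base_dir=BASE_DIR):
    """Return the absolute target path inside base_dir or raise ValueError."""
    if not user_name or "\x00" in user_name:
        raise ValueError("empty name or embedded NUL")
    # Drive letters ("C:\x", "C:x") and UNC shares escape the base outright.
    drive, _ = ntpath.splitdrive(user_name)
    if drive or user_name[0] in "\\/":
        raise ValueError("absolute, rooted, drive-qualified or UNC path")
    # Any remaining colon would name an NTFS alternate data stream.
    if ":" in user_name:
        raise ValueError("colon not allowed in file name")
    # Collapse "." and "..", treating "/" and "\" alike, then compare
    # case-insensitively because Windows file names are by default.
    base = ntpath.normcase(ntpath.normpath(base_dir))
    candidate = ntpath.normpath(ntpath.join(base_dir, user_name))
    folded = ntpath.normcase(candidate)
    # Prefix match on a whole component: "output2" must not pass as "output".
    if not folded.startswith(base + "\\"):
        raise ValueError("path escapes the base directory")
    # Win32 normalization drops trailing dots and spaces, so the name on
    # disk would differ from the name that was checked.
    for part in folded[len(base) + 1:].split("\\"):
        if part.endswith((" ", ".")):
            raise ValueError("component ends with a dot or space")
    return candidate

def is_rejected(user_name):
    """True when resolve_write_path refuses the name."""
    try:
        resolve_write_path(user_name)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for name in (r"results\run1.txt", "../../x.txt", r"..\output2\x.txt", "a.txt:s"):
        print(repr(name), "rejected" if is_rejected(name) else resolve_write_path(name))
```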

Resolution

Upgrade to HP LoadRunner 11.52 or higher as indicated in HP Security Bulletin HPSBGN02905 SSRT101083.

References

<http://secunia.com/advisories/54138/>

Limitations

This exploit was tested against HP LoadRunner 11.50 on Windows XP SP3 English (DEP OptIn). The user must open the exploit in Internet Explorer.

Platforms

Windows