HP LoadRunner lrFileIOService ActiveX Control WriteFileBinary Input Validation Error

2013-08-29T00:00:00
ID SAINT:5404BF955A4F77C98E722EE7EC57C9FE
Type saint
Reporter SAINT Corporation
Modified 2013-08-29T00:00:00

Description

Added: 08/29/2013
CVE: CVE-2013-2370
BID: 61441
OSVDB: 95640

Background

HP LoadRunner is a software performance testing solution. HP LoadRunner includes the **lrFileIOService** ActiveX control.

Problem

HP LoadRunner before 11.52 is vulnerable to remote code execution. The **lrFileIOService** ActiveX control exposes the **WriteFileBinary** method, which accepts a parameter named **data** without validating its value. A remote attacker who persuades a vulnerable user to visit a malicious web page could execute arbitrary code in the context of the user.

Resolution

Upgrade to HP LoadRunner 11.52 or higher as indicated in HP Security Bulletin HPSBGN02905 SSRT101083.

References

<http://www.zerodayinitiative.com/advisories/ZDI-13-182/>

Limitations

This exploit was tested against HP LoadRunner 11.50 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The user must open the exploit in Internet Explorer 8 or 9 on the target.

Platforms

Windows