SAINT CorporationSAINT:67159308BA3DD318D6B1553AED35DEA2HP LoadRunner XUpload ActiveX control MakeHttpRequest file download
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.1%
Added: 10/21/2009
CVE: CVE-2009-3693
BID: 36550
Background
HP LoadRunner is a software performance testing solution. HP LoadRunner includes the XUpload.ocx ActiveX control for performing file exchanges.
Problem
The **MakeHttpRequest** method in the XUpload.ocx ActiveX control can be used to download arbitrary files without any user confirmation. This can be used to store malicious commands on the system when a user loads an attacker’s web page, leading to command execution.
Resolution
Set the kill bit for Class ID E87F6C8E-16C0-11D3-BEF7-009027438003 as described in Microsoft Knowledge Base Article 240797.
References
<http://secunia.com/advisories/36898>
Limitations
Exploit works on HP LoadRunner 9.5 and requires a user to load the exploit page in Internet Explorer 6 or 7.
After the user loads the exploit page, the exploit will succeed only after the user logs in again or reboots the system.
Platforms
Windows
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.1%