SAINT CorporationSAINT:6A2C0D62A75E18D8502F2E3CD1786F1FHP LoadRunner lrFileIOService ActiveX WriteFileString Method Traversal Vulnerability
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.944 High
EPSS
Percentile
99.2%
Added: 10/17/2013
CVE: CVE-2013-4798
BID: 61443
OSVDB: 95642
Background
HP LoadRunner is a software performance testing solution. HP LoadRunner includes the **lrFileIOService** ActiveX control.
Problem
HP LoadRunner before 11.52 is vulnerable to remote code execution. The **lrFileIOService** ActiveX control exposes the **WriteFileString** method which does not properly sanitize user supplied input. A remote attacker who persuades a user to open a crafted web page containing directory traversal style attacks (e.g. ‘…/…/’) can write a file to an arbitrary location, thereby possibly resulting in code execution.
Resolution
Upgrade to HP LoadRunner 11.52 or higher as indicated in HP Security Bulletin HPSBGN02905 SSRT101083.
References
<http://secunia.com/advisories/54138/>
Limitations
This exploit was tested against HP LoadRunner 11.50 on Windows XP SP3 English (DEP OptIn). The user must open the exploit in Internet Explorer.
Platforms
Windows
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.944 High
EPSS
Percentile
99.2%