SAINT CorporationSAINT:737F3D0D4DE17A67AF0B9D1040BF1871HP LoadRunner XUpload ActiveX control MakeHttpRequest file download
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.901 High
EPSS
Percentile
98.8%
Added: 10/21/2009
CVE: CVE-2009-3693
BID: 36550
Background
HP LoadRunner is a software performance testing solution. HP LoadRunner includes the XUpload.ocx ActiveX control for performing file exchanges.
Problem
The **MakeHttpRequest** method in the XUpload.ocx ActiveX control can be used to download arbitrary files without any user confirmation. This can be used to store malicious commands on the system when a user loads an attacker’s web page, leading to command execution.
Resolution
Set the kill bit for Class ID E87F6C8E-16C0-11D3-BEF7-009027438003 as described in Microsoft Knowledge Base Article 240797.
References
<http://secunia.com/advisories/36898>
Limitations
Exploit works on HP LoadRunner 9.5 and requires a user to load the exploit page in Internet Explorer 6 or 7.
After the user loads the exploit page, the exploit will succeed only after the user logs in again or reboots the system.
Platforms
Windows
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.901 High
EPSS
Percentile
98.8%