HP LoadRunner is a software performance testing solution. HP LoadRunner includes the
**micWebAjax** ActiveX control.
HP LoadRunner before 11.52 is vulnerable to remote code execution due to failure to sanitize user-supplied input to the NotifyEvent method in the
**micWebAjax.dll** ActiveX control. A remote attacker who persuades a user to open a crafted page that results in stack corruption could lead to arbitrary code execution in the context of the web browser.
Upgrade to HP LoadRunner 11.52 or newer.
Exploit works on HP LoadRunner 11.50 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
The user must open the exploit in Internet Explorer 8 or 9.