SAINT:C32E67236EB8ED3A789218195F02D6D0
History: Oct 21, 2009 - 12:00 a.m.

HP LoadRunner XUpload ActiveX control MakeHttpRequest file download

2009-10-21 00:00:00
SAINT Corporation
download.saintcorporation.com
19

EPSS: 0.901 (High)
Percentile: 98.8%

Added: 10/21/2009
CVE: CVE-2009-3693
BID: 36550

Background

HP LoadRunner is a software performance testing solution. HP LoadRunner includes the XUpload.ocx ActiveX control for performing file exchanges.

Problem

The **MakeHttpRequest** method of the XUpload.ocx ActiveX control can be used to download arbitrary files to the local system without any user confirmation. An attacker who lures a user into loading a malicious web page can use this to write files containing malicious commands to the system, leading to command execution.

Resolution

Set the kill bit for the control's Class ID, E87F6C8E-16C0-11D3-BEF7-009027438003, as described in Microsoft Knowledge Base Article 240797, so that Internet Explorer refuses to instantiate the control.
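The following PowerShell script is an added example, not part of the SAINT advisory or of Microsoft's KB article: it applies the kill bit to the CLSID named above by setting the 0x400 flag (COMPAT_EVIL_DONT_LOAD) in the "Compatibility Flags" value under the ActiveX Compatibility key, as KB 240797 describes, and then reports whether the bit is present. The Wow6432Node path is an assumption about where 32-bit Internet Explorer reads the key on 64-bit Windows; the script must be run from an elevated prompt.

```powershell
# Added example (not from the SAINT advisory): set and verify the ActiveX kill bit
# for the HP LoadRunner XUpload.ocx control. The CLSID is the one named in the
# Resolution section; the Wow6432Node path is an assumption for 32-bit IE on x64.
$clsid   = '{E87F6C8E-16C0-11D3-BEF7-009027438003}'
$killBit = 0x400   # COMPAT_EVIL_DONT_LOAD: IE will never instantiate this control

$paths = @(
    "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
)

foreach ($path in $paths) {
    # The Wow6432Node hive only exists on 64-bit Windows; skip it elsewhere
    if ($path -like '*Wow6432Node*' -and -not [Environment]::Is64BitOperatingSystem) { continue }

    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }

    # Preserve any compatibility flags already set and OR in the kill bit
    $current = [int]((Get-ItemProperty -Path $path -Name 'Compatibility Flags' `
                       -ErrorAction SilentlyContinue).'Compatibility Flags')
    $new = $current -bor $killBit
    Set-ItemProperty -Path $path -Name 'Compatibility Flags' -Value $new -Type DWord
}

# Verification pass: report the flags and whether the kill bit is set per location
foreach ($path in $paths) {
    if (-not (Test-Path $path)) { continue }
    $flags = [int]((Get-ItemProperty -Path $path -Name 'Compatibility Flags').'Compatibility Flags')
    $isSet = ($flags -band $killBit) -eq $killBit
    "{0}: Compatibility Flags=0x{1:X} kill bit set={2}" -f $path, $flags, $isSet
}
```

The verification loop doubles as a compliance check: running it alone (or the same Get-ItemProperty call from configuration management) confirms that the control stays blocked after patching or image changes. The kill bit takes effect for newly started Internet Explorer instances; it does not remove XUpload.ocx from disk, so LoadRunner's own use of the control outside the browser is unaffected.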

References

http://secunia.com/advisories/36898

Limitations

The exploit works on HP LoadRunner 9.5 and requires a user to load the exploit page in Internet Explorer 6 or 7.

After the user loads the exploit page, the exploit will succeed only after the user logs in again or reboots the system.

Platforms

Windows
