Vulnerabilities > CVE-2013-2370 - Remote Code Execution vulnerability in HP LoadRunner
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 8 |
Exploit-Db
description | HP LoadRunner lrFileIOService ActiveX Remote Code Execution. CVE-2013-2370. Remote exploit for windows platform |
id | EDB-ID:27939 |
last seen | 2016-02-03 |
modified | 2013-08-29 |
published | 2013-08-29 |
reporter | metasploit |
source | https://www.exploit-db.com/download/27939/ |
title | HP LoadRunner lrFileIOService ActiveX Remote Code Execution |
Metasploit
description | This module exploits a vulnerability on the lrFileIOService ActiveX, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileBinary method where user provided data is used as a memory pointer. This module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the LrWebIERREWrapper.dll 11.50.2216.0. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with HP LoadRunner. |
id | MSF:EXPLOIT/WINDOWS/BROWSER/HP_LOADRUNNER_WRITEFILEBINARY |
last seen | 2020-06-08 |
modified | 2017-10-05 |
published | 2013-08-26 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb |
title | HP LoadRunner lrFileIOService ActiveX Remote Code Execution |
Packetstorm
data source | https://packetstormsecurity.com/files/download/123001/hp_loadrunner_writefilebinary.rb.txt |
id | PACKETSTORM:123001 |
last seen | 2016-12-05 |
published | 2013-08-29 |
reporter | rgod |
source | https://packetstormsecurity.com/files/123001/HP-LoadRunner-lrFileIOService-ActiveX-Remote-Code-Execution.html |
title | HP LoadRunner lrFileIOService ActiveX Remote Code Execution |
Saint
bid | 61441 |
description | HP LoadRunner lrFileIOService ActiveX Control WriteFileBinary Input Validation Error |
id | misc_mercuryloadrunnerver |
osvdb | 95640 |
title | hp_loadrunner_lrfileioservice_writefilebinary_data |
type | client |