Vulnerabilities > CVE-2013-2370 - Remote Code Execution vulnerability in HP LoadRunner

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

exploit available

metasploit

NVD

Published: 2013-07-29

Updated: 2019-10-09

Summary

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671.

Part	Description	Count
Application	Hp HP Loadrunner 9.0.0 HP Loadrunner 9.50.0 HP Loadrunner 9.51 HP Loadrunner 9.52 HP Loadrunner 11.0.0.0 HP Loadrunner 11.50 HP Loadrunner - HP Loadrunner 11.51	8

description	HP LoadRunner lrFileIOService ActiveX Remote Code Execution. CVE-2013-2370. Remote exploit for windows platform
id	EDB-ID:27939
last seen	2016-02-03
modified	2013-08-29
published	2013-08-29
reporter	metasploit
source	https://www.exploit-db.com/download/27939/
title	HP LoadRunner lrFileIOService ActiveX Remote Code Execution

description	This module exploits a vulnerability on the lrFileIOService ActiveX, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileBinary method where user provided data is used as a memory pointer. This module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the LrWebIERREWrapper.dll 11.50.2216.0. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with HP LoadRunner.
id	MSF:EXPLOIT/WINDOWS/BROWSER/HP_LOADRUNNER_WRITEFILEBINARY
last seen	2020-06-08
modified	2017-10-05
published	2013-08-26
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2370 https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03862772
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb
title	HP LoadRunner lrFileIOService ActiveX Remote Code Execution

data source	https://packetstormsecurity.com/files/download/123001/hp_loadrunner_writefilebinary.rb.txt
id	PACKETSTORM:123001
last seen	2016-12-05
published	2013-08-29
reporter	rgod
source	https://packetstormsecurity.com/files/123001/HP-LoadRunner-lrFileIOService-ActiveX-Remote-Code-Execution.html
title	HP LoadRunner lrFileIOService ActiveX Remote Code Execution

bid	61441
description	HP LoadRunner lrFileIOService ActiveX Control WriteFileBinary Input Validation Error
id	misc_mercuryloadrunnerver
osvdb	95640
title	hp_loadrunner_lrfileioservice_writefilebinary_data
type	client