Vulnerabilities > CVE-2013-4798 - Remote Code Execution vulnerability in HP LoadRunner

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

critical

exploit available

metasploit

NVD

Published: 2013-07-29

Updated: 2017-08-29

Summary

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.

Part	Description	Count
Application	Hp HP Loadrunner 9.0.0 HP Loadrunner 9.50.0 HP Loadrunner 9.51 HP Loadrunner 9.52 HP Loadrunner 11.0.0.0 HP Loadrunner 11.50 HP Loadrunner - HP Loadrunner 11.51	8

description	HP LoadRunner lrFileIOService ActiveX WriteFileString Remote Code Execution. CVE-2013-4798. Remote exploit for windows platform
id	EDB-ID:28083
last seen	2016-02-03
modified	2013-09-04
published	2013-09-04
reporter	metasploit
source	https://www.exploit-db.com/download/28083/
title	HP LoadRunner lrFileIOService ActiveX WriteFileString Remote Code Execution

description	This module exploits a vulnerability on the lrFileIOService ActiveX, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileString method, which allow the user to write arbitrary files. It's abused to drop a payload embedded in a dll, which is later loaded through the Init() method from the lrMdrvService control, by abusing an insecure LoadLibrary call. This module has been tested successfully on IE8 on Windows XP. Virtualization based on the Low Integrity Process, on Windows Vista and 7, will stop this module because the DLL will be dropped to a virtualized folder, which isn't used by LoadLibrary.
id	MSF:EXPLOIT/WINDOWS/BROWSER/HP_LOADRUNNER_WRITEFILESTRING
last seen	2020-06-05
modified	2019-08-02
published	2013-08-29
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4798 https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03862772
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/hp_loadrunner_writefilestring.rb
title	HP LoadRunner lrFileIOService ActiveX WriteFileString Remote Code Execution

data source	https://packetstormsecurity.com/files/download/123086/hp_loadrunner_writefilestring.rb.txt
id	PACKETSTORM:123086
last seen	2016-12-05
published	2013-09-04
reporter	juan vazquez
source	https://packetstormsecurity.com/files/123086/HP-LoadRunner-lrFileIOService-ActiveX-WriteFileString-Remote-Code-Execution.html
title	HP LoadRunner lrFileIOService ActiveX WriteFileString Remote Code Execution

bid	61443
description	HP LoadRunner lrFileIOService ActiveX WriteFileString Method Traversal Vulnerability
id	misc_mercuryloadrunnerver
osvdb	95642
title	hp_loadrunner_lrfileioservice_writefilestring_traversal
type	client