CVE-2013-4798 - Remote Code Execution vulnerability in HP LoadRunner
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 8 |
Exploit-Db
description | HP LoadRunner lrFileIOService ActiveX WriteFileString Remote Code Execution. CVE-2013-4798. Remote exploit for windows platform |
id | EDB-ID:28083 |
last seen | 2016-02-03 |
modified | 2013-09-04 |
published | 2013-09-04 |
reporter | metasploit |
source | https://www.exploit-db.com/download/28083/ |
title | HP LoadRunner lrFileIOService ActiveX WriteFileString Remote Code Execution |
Metasploit
description | This module exploits a vulnerability on the lrFileIOService ActiveX, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileString method, which allows the user to write arbitrary files. It's abused to drop a payload embedded in a DLL, which is later loaded through the Init() method from the lrMdrvService control, by abusing an insecure LoadLibrary call. This module has been tested successfully on IE8 on Windows XP. Virtualization based on the Low Integrity Process, on Windows Vista and 7, will stop this module because the DLL will be dropped to a virtualized folder, which isn't used by LoadLibrary. |
id | MSF:EXPLOIT/WINDOWS/BROWSER/HP_LOADRUNNER_WRITEFILESTRING |
last seen | 2020-06-05 |
modified | 2019-08-02 |
published | 2013-08-29 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/hp_loadrunner_writefilestring.rb |
title | HP LoadRunner lrFileIOService ActiveX WriteFileString Remote Code Execution |
Packetstorm
data source | https://packetstormsecurity.com/files/download/123086/hp_loadrunner_writefilestring.rb.txt |
id | PACKETSTORM:123086 |
last seen | 2016-12-05 |
published | 2013-09-04 |
reporter | juan vazquez |
source | https://packetstormsecurity.com/files/123086/HP-LoadRunner-lrFileIOService-ActiveX-WriteFileString-Remote-Code-Execution.html |
title | HP LoadRunner lrFileIOService ActiveX WriteFileString Remote Code Execution |
Saint
bid | 61443 |
description | HP LoadRunner lrFileIOService ActiveX WriteFileString Method Traversal Vulnerability |
id | misc_mercuryloadrunnerver |
osvdb | 95642 |
title | hp_loadrunner_lrfileioservice_writefilestring_traversal |
type | client |