This Metasploit module exploits a vulnerability on the lrFileIOService ActiveX, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileBinary method where user provided data is used as a memory pointer. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the LrWebIERREWrapper.dll 11.50.2216.0. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with HP LoadRunner.
a5e106a110e475d117b3500d373abbf472e7b81cec4cfdde2c8f9d7957853a9bHP Security Bulletin HPSBGN02905 2 - Potential security vulnerabilities have been identified with HP LoadRunner and HP Business Process Monitor (BPM). The vulnerabilities could be remotely exploited to allow execution of code or result in a Denial of Service (DoS). Revision 2 of this advisory.
70edf5e3843e6daf9c3d162c95b2e3ddbdede0549f1d9f87c9134193afab4a96HP Security Bulletin HPSBGN02905 - Potential security vulnerabilities have been identified with HP LoadRunner. The vulnerabilities could be remotely exploited to allow execution of code or result in a Denial of Service (DoS). Revision 1 of this advisory.
43da885fdebda26382764369711cbf24e26c0adae71be911ebfc154158b77f6f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed