This Metasploit module exploits a vulnerability in the lrFileIOService ActiveX control, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileString method, which allows the user to write arbitrary files. It is abused to drop a payload embedded in a DLL, which is later loaded through the Init() method of the lrMdrvService control by abusing an insecure LoadLibrary call. This Metasploit module has been tested successfully on IE8 on Windows XP. Virtualization based on the Low Integrity Process, on Windows Vista and 7, will stop this module because the DLL will be dropped to a virtualized folder, which isn't used by LoadLibrary.
5f7630ca27a1c56598761f3e375ec40d
HP Security Bulletin HPSBGN02905 2 - Potential security vulnerabilities have been identified with HP LoadRunner and HP Business Process Monitor (BPM). The vulnerabilities could be remotely exploited to allow execution of code or result in a Denial of Service (DoS). Revision 2 of this advisory.
e1b29cbcc235c564a68534716c986bd4
HP Security Bulletin HPSBGN02905 - Potential security vulnerabilities have been identified with HP LoadRunner. The vulnerabilities could be remotely exploited to allow execution of code or result in a Denial of Service (DoS). Revision 1 of this advisory.
b2cf205493c8ebaea51737271a24652f