This Metasploit module exploits a vulnerability on the lrFileIOService ActiveX, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileString method, which allow the user to write arbitrary files. It's abused to drop a payload embedded in a dll, which is later loaded through the Init() method from the lrMdrvService control, by abusing an insecure LoadLibrary call. This Metasploit module has been tested successfully on IE8 on Windows XP. Virtualization based on the Low Integrity Process, on Windows Vista and 7, will stop this module because the DLL will be dropped to a virtualized folder, which isn't used by LoadLibrary.
4190aaee2f0f7797aa2729616b04019ec0f364bcd4a09603637a82a20624f5f6HP Security Bulletin HPSBGN02905 2 - Potential security vulnerabilities have been identified with HP LoadRunner and HP Business Process Monitor (BPM). The vulnerabilities could be remotely exploited to allow execution of code or result in a Denial of Service (DoS). Revision 2 of this advisory.
70edf5e3843e6daf9c3d162c95b2e3ddbdede0549f1d9f87c9134193afab4a96HP Security Bulletin HPSBGN02905 - Potential security vulnerabilities have been identified with HP LoadRunner. The vulnerabilities could be remotely exploited to allow execution of code or result in a Denial of Service (DoS). Revision 1 of this advisory.
43da885fdebda26382764369711cbf24e26c0adae71be911ebfc154158b77f6f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed