Hewlett-Packard LoadRunner lrFileIOService ActiveX Control WriteFileBinary Remote Code Execution VulnerabilityZDI-13-182: July 26th, 2013
TippingPoint™ IPS Customer ProtectionTippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 12722. For further product information on the TippingPoint IPS:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP LoadRunner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the lrFileIOService ActiveX control. The control exposes the WriteFileBinary method which accepts a parameter named data that it uses as a valid pointer. By specifying invalid values an attacker can force the application to jump to a controlled location in memory. This can be exploited to execute remote code under the context of the user running the web browser.
Vendor ResponseHewlett-Packard has issued an update to correct this vulnerability. More details can be found at:
2013-01-22 - Vulnerability reported to vendor
2013-07-26 - Coordinated public release of advisory
CreditThis vulnerability was discovered by:
Andrea Micalizzi aka rgod