HP LoadRunner lrLRIServices ActiveX Control Code Execution Vulnerability

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has an ActiveX control installed that is affected by
an arbitrary code execution vulnerability.

Description :

The remote host has the HP LoadRunner lrLRIServices ActiveX control
installed. The version of the installed control is potentially
affected by an arbitrary code execution vulnerability in the handling
of input to the output directory mutator. By tricking a user into
opening a specially crafted web page, a remote attacker may be able
to execute arbitrary code subject to the privileges of the user
running the affected application.

See also :

http://www.nessus.org/u?c99066d5
http://www.zerodayinitiative.com/advisories/ZDI-13-209/

Solution :

Upgrade to HP LoadRunner 11.52 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 69399 ()

Bugtraq ID: 61445

CVE ID: CVE-2013-4801

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now