HP LoadRunner lrLRIServices ActiveX Control Code Execution Vulnerability

High Nessus Plugin ID 69399


The remote host has an ActiveX control installed that is affected by an arbitrary code execution vulnerability.


The remote host has the HP LoadRunner lrLRIServices ActiveX control installed. The version of the installed control is potentially affected by an arbitrary code execution vulnerability in the handling of input to the output directory mutator. By tricking a user into opening a specially crafted web page, a remote attacker may be able to execute arbitrary code subject to the privileges of the user running the affected application.


Upgrade to HP LoadRunner 11.52 or later.

See Also



Plugin Details

Severity: High

ID: 69399

File Name: hp_loadrunner_lriservices_activex.nasl

Version: $Revision: 1.5 $

Type: local

Agent: windows

Family: Windows

Published: 2013/08/16

Modified: 2016/12/21

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:loadrunner

Required KB Items: SMB/Registry/Enumerated

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/07/24

Vulnerability Publication Date: 2013/07/24

Reference Information

CVE: CVE-2013-4801

BID: 61445

OSVDB: 95645