| Name | HP.LoadRunner.XUpload.MakeHttpRequest.ActiveX.Control.Access |
| Release Date | Dec 29, 2009 |
| Severity | Critical |
| Impact | System Compromise
Security Bypass |
| Description | This indicates an attack attempt against an arbitrary file download and execute vulnerability in HP LoadRunner.
The vulnerability is caused by an error when the Persits.XUpload ActiveX control handles a specially crafted web page. It allows a remote attacker to overwrite credential files on the target system. |
| Affected Products | HP Mercury LoadRunner Agent 9.5 |
| Recommended Actions | Set the kill bit for the CLSID {E87F6C8E-16C0-11D3-BEF7-009027438003}. |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3693
|
| Reference/s | http://www.securityfocus.com/bid/36550 (BugTraq)
http://retrogod.altervista.org/9sg_hp_loadrunner.html
|