Signature Detail
Short Name |
HTTP:STC:ACTIVEX:HP-XUPLOAD-OCX |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Hewlett-Packard LoadRunner XUpload.ocx ActiveX Control |
Release Date |
2009/10/27 |
Update Number |
1532 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Hewlett-Packard LoadRunner XUpload.ocx ActiveX Control
This signature detects attempts to use unsafe ActiveX controls in Hewlett-Packard LoadRunner XUpload.ocx. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to upload and download files from the victim's computer, potentially resulting in arbitrary program execution.
Extended Description
HP LoadRunner Persits.XUpload.2 ActiveX control is prone to a vulnerability that can allow attackers to download malicious files and save them to arbitrary locations on an affected computer. Attackers may exploit this issue to execute malicious files within the context of the affected application that uses the affected control (typically Internet Explorer). Other attacks are also possible. LoadRunner 9.5 is vulnerable; other versions may also be affected.
Affected Products
- HP Mercury LoadRunner Agent 9.5
References
- BugTraq: 27025
- BugTraq: 27456
- BugTraq: 36550
- CVE: CVE-2007-6530
- CVE: CVE-2008-0492
- CVE: CVE-2009-3693