HTTP: Hewlett-Packard LoadRunner XUpload.ocx ActiveX Control
This signature detects attempts to use unsafe ActiveX controls in Hewlett-Packard LoadRunner XUpload.ocx. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to upload and download files from the victim's computer, potentially resulting in arbitrary program execution.
Extended Description
HP LoadRunner Persits.XUpload.2 ActiveX control is prone to a vulnerability that can allow attackers to download malicious files and save them to arbitrary locations on an affected computer. Attackers may exploit this issue to execute malicious files within the context of the affected application that uses the affected control (typically Internet Explorer). Other attacks are also possible. LoadRunner 9.5 is vulnerable; other versions may also be affected.
Affected Products
Hp mercury_loadrunner_agent
Short Name
HTTP:STC:ACTIVEX:HP-XUPLOAD-OCX
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2007-6530 CVE-2008-0492 CVE-2009-3693 Control Hewlett-Packard LoadRunner XUpload.ocx bid:27025 bid:27456 bid:36550
Release Date
10/27/2009
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Hp
CVSS Score
9.3
6.8