Vulnerability Details : CVE-2013-2370
Public exploit exists!
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671.
Vulnerability category: Execute code
Products affected by CVE-2013-2370
- cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:loadrunner:9.52:*:*:*:*:*:*:*
- cpe:2.3:a:hp:loadrunner:11.50:*:*:*:*:*:*:*
- cpe:2.3:a:hp:loadrunner:11.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:loadrunner:9.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:loadrunner:9.50.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:loadrunner:9.51:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-2370
77.27%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2013-2370
-
HP LoadRunner lrFileIOService ActiveX Remote Code Execution
Disclosure Date: 2013-07-24First seen: 2020-04-26exploit/windows/browser/hp_loadrunner_writefilebinaryThis module exploits a vulnerability on the lrFileIOService ActiveX, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileBinary method where user provided data is used as a memory pointer. This module has been tested successfully on IE6-I
CVSS scores for CVE-2013-2370
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2013-2370
-
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772
HP Support for Technical Help and Troubleshooting | HP® Customer Service.Vendor Advisory
Jump to