CVE-2007-6530

Persits Software XUpload <3.0 - Buffer Overflow

Title source: llm

Description

Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16588

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Elazar · htmlremotewindows

https://www.exploit-db.com/exploits/4806

View Code ZIP pw:eip

metasploit WORKING POC GOOD

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/hp_loadrunner_addfolder.rb

View Code ZIP pw:eip

References (8)

[Exploit] http://marc.info/?l=full-disclosure&m=119863639428564&w=2

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/4310

[Vendor Advisory] http://secunia.com/advisories/28205

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019147

[Vendor Advisory] http://secunia.com/advisories/28145

[Vendor Advisory] http://secunia.com/advisories/28218

[Third Party Advisory, VDB Entry] http://osvdb.org/39901

[Exploit] http://www.securityfocus.com/bid/27025

Scores

EPSS 0.6575

EPSS Percentile 98.5%

Details

CWE

CWE-119

Status published

Products (3)

groove/virtual_office

hp/loadrunner

persits/xupload 2.1.0.1

Published Dec 27, 2007

Tracked Since Feb 18, 2026