CVE-2007-6530

Persits Software XUpload <3.0 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2007-6530. PoCs published by Metasploit, Elazar, MC, including Metasploit module exploits/windows/browser/hp_loadrunner_addfolder.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack buffer overflow in the XUpload ActiveX control (version 2.1.0.1) included in HP LoadRunner 9.0. It achieves remote code execution by passing an overly long string to the AddFolder method.

Description

Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16588

This is a Metasploit module exploiting a stack buffer overflow in the XUpload ActiveX control (version 2.1.0.1) included in HP LoadRunner 9.0. It achieves remote code execution by passing an overly long string to the AddFolder method.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HP LoadRunner 9.0 (XUpload ActiveX control 2.1.0.1)
No auth needed
Prerequisites: Target must have the vulnerable ActiveX control installed · Target must visit a malicious webpage hosting the exploit
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Elazar · htmlremotewindows
https://www.exploit-db.com/exploits/4806

This exploit targets a buffer overflow vulnerability in Persits Software XUpload Control via the AddFolder() method. It uses a crafted buffer with a specific EIP overwrite and shellcode to achieve remote code execution, demonstrated by launching calc.exe or binding a shell to port 4444.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Persits Software XUpload Control
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer 6 or 7 on Windows XP SP2
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/hp_loadrunner_addfolder.rb

This Metasploit module exploits a stack buffer overflow in the XUpload ActiveX control (version 2.1.0.1) included in HP LoadRunner 9.0 via the AddFolder method. It delivers a payload to achieve remote code execution on vulnerable Windows systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HP LoadRunner 9.0 (XUpload ActiveX control 2.1.0.1)
No auth needed
Prerequisites: Victim must visit a malicious web page hosting the exploit · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Exploit mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=119863639428564&w=2
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4310
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28205
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019147
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28145
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28218
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/39901
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27025

Scores

EPSS 0.3683
EPSS Percentile 98.3%

Details

CWE
CWE-119
Status published
Products (3)
groove/virtual_office
hp/loadrunner
persits/xupload 2.1.0.1
Published Dec 27, 2007
Tracked Since Feb 18, 2026