CVE-2013-2370

HP LoadRunner < 11.52 - Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-2370. PoCs published by Metasploit, including Metasploit module exploits/windows/browser/hp_loadrunner_writefilebinary.

AI-analyzed exploit summary This Metasploit module exploits a vulnerability in HP LoadRunner's lrFileIOService ActiveX control (CVE-2013-2370) via the WriteFileBinary method, allowing remote code execution through heap spraying and ROP techniques. It targets IE 6-9 on Windows XP, Vista, and 7.

Description

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/27939

View Code ZIP pw:eip

This Metasploit module exploits a vulnerability in HP LoadRunner's lrFileIOService ActiveX control (CVE-2013-2370) via the WriteFileBinary method, allowing remote code execution through heap spraying and ROP techniques. It targets IE 6-9 on Windows XP, Vista, and 7.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: HP LoadRunner 11.50 (LrWebIERREWrapper.dll 11.50.2216.0)

No auth needed

Prerequisites: Victim must visit a malicious webpage using Internet Explorer 6-9 · HP LoadRunner 11.50 must be installed on the target system

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb

View Code ZIP pw:eip

This Metasploit module exploits a vulnerability in HP LoadRunner's lrFileIOService ActiveX control (CVE-2013-2370) via the WriteFileBinary method, leveraging heap spraying and ROP chains to achieve remote code execution on vulnerable Windows systems.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP LoadRunner 11.50 (LrWebIERREWrapper.dll 11.50.2216.0)

No auth needed

Prerequisites: Victim must visit a malicious webpage using Internet Explorer 6-9 on Windows XP, Vista, or 7 · HP LoadRunner 11.50 must be installed

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_hp

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772

Scores

EPSS 0.6276

EPSS Percentile 99.1%

Details

Status published

Products (7)

hp/loadrunner 9.0.0

hp/loadrunner 9.50.0

hp/loadrunner 9.51

hp/loadrunner 9.52

hp/loadrunner 11.0.0.0

hp/loadrunner 11.50

hp/loadrunner < 11.51

Published Jul 29, 2013

Tracked Since Feb 18, 2026