CVE-2013-4798

HP LoadRunner < 11.52 - Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-4798. PoCs published by Metasploit, Brian Gorenc, juan vazquez, including Metasploit module exploits/windows/browser/hp_loadrunner_writefilestring.

AI-analyzed exploit summary This Metasploit module exploits CVE-2013-4798 in HP LoadRunner's lrFileIOService ActiveX control by abusing the WriteFileString method to write an arbitrary DLL, which is then loaded via an insecure LoadLibrary call in lrMdrvService. It targets IE6-8 on Windows XP.

Description

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/28083

View Code ZIP pw:eip

This Metasploit module exploits CVE-2013-4798 in HP LoadRunner's lrFileIOService ActiveX control by abusing the WriteFileString method to write an arbitrary DLL, which is then loaded via an insecure LoadLibrary call in lrMdrvService. It targets IE6-8 on Windows XP.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP LoadRunner 11.50

No auth needed

Prerequisites: Target must be using IE6-8 on Windows XP · ActiveX controls must be enabled

MITRE ATT&CK

T1189 - Drive-by Compromise T1218 - System Binary Proxy Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Brian Gorenc, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/hp_loadrunner_writefilestring.rb

View Code ZIP pw:eip

This Metasploit module exploits a vulnerability in HP LoadRunner's lrFileIOService ActiveX control (CVE-2013-4798) to write arbitrary files and achieve remote code execution. It drops a malicious DLL via WriteFileString and loads it through an insecure LoadLibrary call in lrMdrvService.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP LoadRunner 11.50

No auth needed

Prerequisites: Target must be using Internet Explorer 6-8 on Windows XP · ActiveX controls must be enabled

MITRE ATT&CK

T1189 - Drive-by Compromise T1218.010 - Regsvr32

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory vendor-advisory x_refsource_hp

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/85958

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/95642

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/61443

Scores

EPSS 0.6772

EPSS Percentile 99.2%

Details

Status published

Products (7)

hp/loadrunner 9.0.0

hp/loadrunner 9.50.0

hp/loadrunner 9.51

hp/loadrunner 9.52

hp/loadrunner 11.0.0.0

hp/loadrunner 11.50

hp/loadrunner < 11.51

Published Jul 29, 2013

Tracked Since Feb 18, 2026