HP LoadRunner ActiveX Control Vulnerability

September 27, 2013

HP LoadRunner is an application performance testing software. It helps to detect bottlenecks and obtain an accurate picture of end-to-end system performance before going live. Upon installation of the HP LoadRunner, an ActiveX control named micWebAjax.dll is also deployed.

A stack buffer overflow vulnerability exists in HP LoadRunner; the vulnerability is due to exposure of an unsafe method in the micWebAjax.dll ActiveX control. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted webpage using Internet Explorer. Successful exploitation could lead to arbitrary code execution in the security context of the logged-in user. Failed attacks could lead to termination of the browser.

The vulnerability has been assigned as CVE-2013-2368.

Dell SonicWALL has released an IPS signature to detect and block specific exploitation attempts targeting this vulnerability. The signature is listed below:

  • 4649 HP LoadRunner ActiveX NotifyEvent Method Invocation