Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Tested with HP LoadRunner 11.50 on IE8 with Windows XP.
The vulnerability is an abusing of the WriteFileString API to write arbitrary files.
The module uses the vulnerability to drop a payload embedded on a dll and abuses another ActiveX control API which loads an app library (LoadLibrary) in a insecure fashion. The good thing about this method is which allows to exploit Windows XP even when no admin user visits the page (limitation of the WBem technique). The bad thing is which doesn't work on Windows Vista/ Windows 7 because IE runs on a Low Privileged Process and files are written to a virtualized directory, which isn't used by LoadLibrary anymore. Still is a an interesting module to have into the framework I think.