ITPRO

Printed from www.itpro.co.uk

Register to receive our regular email newsletter at http://www.itpro.co.uk/registration.

The newsletter contains links to our latest IT news, product reviews, features and how-to guides, plus special offers and competitions.

Skip to navigation

    US-CERT warns of Acer laptop vulnerability

Computer security agency warns ActiveX control could allow hackers to take over Acer laptops.

By Rene Millman, 17 Jan 2007 at 13:38

The US Computer Emergency Readiness Team (US-CERT) has warned users of Acer notebooks that a pre-installed ActiveX control could be used by hackers to take over vulnerable computers.

According to the agency, if a hacker convinced a user to visit a website using Internet Explorer, they could subvert the system by running arbitrary code with the privileges of the user. The Acer LunchApp ActiveX control is provided by LunchApp.ocx. It contains a method called Run(), which takes three parameters: Drive, FileName, and CmdLine.

"Although the control is not inherently marked as safe for scripting via the IObjectSafety interface, it may be distributed with the appropriate Implemented Categories registry key to make it safe for scripting," the agency said on its website. "This means that a web page in Internet Explorer can call the Run() method of the control."

Acer issued an update called Acer Preload Security Patch for Windows XP. This patch unregisters and deletes the LunchApp.ocx file if it is present in the Windows System directory.

The vulnerability was originally discovered by Tan Chew Keong. He wrote on his blog that he found the vulnerability on his Acer TravelMate 4150 notebook and the ActiveX control was part of the suite of applications distributed on Acer notebooks going as far back as November 1998.

Email to a friend

Print this page

Social Bookmark this article: What is this?

Add to: DiggDigg
Add to: Del.icio.usDelicious
Add to: RedditReddit
Add to: StumbleUponStumbleUpon
Add to: SlashdotSlashdot
Add to: GoogleGoogle
Add to: FacebbokFacebook

Be the first to comment on this article

You need to Login or Register to comment.

advertisement

    Latest Security Features

The continued curse of cybersquatting

For some, it’s a problem confined to the early days of the Internet. But current figures suggest that the cybersquatting problem is, if anything, growing.

Read more

 

More Security Features

    Latest Security Reviews

Fujitsu Siemens FibreCAT SX80 iSCSI

Rating: 5

It may be a late entry to the IP SAN party but the FibreCAT SX80 iSCSI aims to beat the rest on value, features and ease of use.

Read more

 

More Security Reviews

advertisement

    Latest News Videos in Security

Eugene Kaspersky

Video: Mobile security threats and Mac complacency

Play Video: Mobile security threats and Mac complacency   Play

Part two: Eugene Kaspersky, chief executive and founder of Kaspersky Lab, talks about the increasing security threats mobile users are facing.

 

    Blogs

A Busman's Holiday to Invisible Hard Disk Land

Read more

 

    White papers

Want more background on today's hottest IT trends?

Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.

    Register for IT PRO

You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.

Register
Advertisement