Recently there’s been a series of articles about a vulnerability (if you can call that a vulnerability – it looks more like an open program launcher) in the LunchApp.APlunch ActiveX control that comes preinstalled on some Acer laptops.
The original article, available at http://vuln.sg/acerlunchapp-en.html, dates back to November, but for some reason this hit the news now.
The ActiveX control is very simple and basically allows an attacker to execute any binary on a remote machine by just providing a full path to it and (if need) arguments. The control is also marked as safe for scripting.
I’ve quickly tested this on a new Acer TravelMate and the ActiveX control is certainly there. However, even with Internet Explorer 6 (on Windows XP SP2), it does not run automatically, but will warn the user who has to allow the control to run. Internet Explorer 7 will warn the user with the full control name and will not run it automatically either.
At this point in time, until the patch is available, the best thing would be to set the kill bit on this control – see http://support.microsoft.com/kb/240797 for information on how to set kill bits.I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Northern VA - Reston Spring 2020
Jan 16th 2007
1 decade ago