SANS ISC: Vulnerability in Acer’s LunchApp.APlunch ActiveX control SANS ISC InfoSec Forums

Recently there’s been a series of articles about a vulnerability (if you can call that a vulnerability – it looks more like an open program launcher) in the LunchApp.APlunch ActiveX control that comes preinstalled on some Acer laptops.

The original article, available at, dates back to November, but for some reason this hit the news now.
The ActiveX control is very simple: it allows an attacker to execute any binary on a remote machine by providing a full path to it and, if needed, arguments. The control is also marked as safe for scripting.

I’ve quickly tested this on a new Acer TravelMate and the ActiveX control is certainly there. However, even with Internet Explorer 6 (on Windows XP SP2), it does not run automatically, but will warn the user who has to allow the control to run. Internet Explorer 7 will warn the user with the full control name and will not run it automatically either.

At this point in time, until the patch is available, the best thing would be to set the kill bit on this control – see for information on how to set kill bits.
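One way to apply the kill bit, as an added example that is not part of the original diary: the diary does not give the control's CLSID, so this sketch resolves it from the ProgID and then sets the standard Internet Explorer kill-bit flag (`Compatibility Flags` = 0x400) for it. The function name is hypothetical, and it assumes an elevated PowerShell prompt on the affected machine.

```powershell
# Added example (not from the diary): set the IE kill bit for a control by ProgID.
# Assumes an elevated, native (not 32-bit-on-64-bit) PowerShell session and that
# the ProgID resolves in the registry view the session sees.
function Set-ActiveXKillBit {
    param([Parameter(Mandatory = $true)][string]$ProgId)

    # The kill bit is keyed by CLSID, so look it up from the ProgID registration.
    $clsidKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path $clsidKey)) {
        Write-Warning "$ProgId is not registered here; no CLSID to block."
        return
    }
    $clsid = (Get-ItemProperty -Path $clsidKey).'(default)'
    if ($clsid -notmatch '^\{[0-9A-Fa-f-]{36}\}$') {
        throw "Unexpected CLSID value '$clsid' under $clsidKey"
    }

    # 32-bit IE on 64-bit Windows reads the Wow6432Node copy, so cover both views.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )
    foreach ($root in $roots) {
        # Skip the Wow6432Node view when it does not exist (32-bit Windows).
        if (-not (Test-Path (Split-Path $root))) { continue }

        $key = Join-Path $root $clsid
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

        # Preserve any flags already present and OR in the kill bit (0x400).
        $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue).'Compatibility Flags'
        $flags = [int]$current -bor 0x400
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $flags -Type DWord

        # Read the value back so the result can be checked or logged.
        $check = (Get-ItemProperty -Path $key -Name 'Compatibility Flags').'Compatibility Flags'
        New-Object PSObject -Property @{ Key = $key; Flags = ('0x{0:X8}' -f $check) }
    }
}

Set-ActiveXKillBit -ProgId 'LunchApp.APlunch'   # ProgID named in the diary
```

The kill bit only stops Internet Explorer from instantiating the control; it leaves the control installed and registered, so the change can be reverted by clearing the flag once a patch is applied.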

Jan 16th 2007