SANS ISC InfoSec Handlers Diary Blog



Published: 2007-01-09
Last Updated: 2007-01-16 18:29:58 UTC
by Bojan Zdrnja (Version: 2)
Recently there’s been a series of articles about a vulnerability (if you can call that a vulnerability – it looks more like an open program launcher) in the LunchApp.APlunch ActiveX control that comes preinstalled on some Acer laptops.

The original article, available at http://vuln.sg/acerlunchapp-en.html, dates back to November, but for some reason this hit the news now.
The ActiveX control is very simple: it allows an attacker to execute any binary on a remote machine by providing the full path to it and, if needed, arguments. The control is also marked as safe for scripting.

I’ve quickly tested this on a new Acer TravelMate and the ActiveX control is certainly there. However, even with Internet Explorer 6 (on Windows XP SP2), it does not run automatically, but will warn the user who has to allow the control to run. Internet Explorer 7 will warn the user with the full control name and will not run it automatically either.

Until the patch is available, the best option is to set the kill bit on this control; see http://support.microsoft.com/kb/240797 for information on how to set kill bits.
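One way to apply and verify the kill bit mechanism from KB 240797, as an added PowerShell example that is not part of the original diary. The CLSID is a placeholder (the diary does not give the control's CLSID) and the function names are hypothetical.

```powershell
# Added example, not from the original diary. Run from an elevated prompt.
# Kill bit = bit 0x400 of the "Compatibility Flags" DWORD (Microsoft KB 240797).
$KillBit = 0x00000400
$Suffix  = 'Microsoft\Internet Explorer\ActiveX Compatibility'

function Get-CompatRoots {
    # Native view, plus the 32-bit view on 64-bit Windows (32-bit IE reads that one).
    'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node' |
        Where-Object { Test-Path -LiteralPath $_ } |
        ForEach-Object { Join-Path $_ $Suffix }
}

function Test-KillBit {
    param([Parameter(Mandatory)][ValidatePattern('^\{[0-9A-Fa-f-]{36}\}$')][string]$Clsid)
    foreach ($root in Get-CompatRoots) {
        $key   = Join-Path $root $Clsid
        $flags = 0
        $prop  = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($prop) { $flags = [int]$prop.'Compatibility Flags' }
        [pscustomobject]@{
            Key        = $key
            Flags      = '0x{0:X8}' -f $flags
            KillBitSet = ($flags -band $KillBit) -ne 0
        }
    }
}

function Set-KillBit {
    param([Parameter(Mandatory)][ValidatePattern('^\{[0-9A-Fa-f-]{36}\}$')][string]$Clsid)
    foreach ($root in Get-CompatRoots) {
        $key = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        $old  = if ($prop) { [int]$prop.'Compatibility Flags' } else { 0 }
        # OR the bit in so any flags already present on the key are preserved.
        New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -PropertyType DWord `
            -Value ($old -bor $KillBit) -Force | Out-Null
    }
    Test-KillBit -Clsid $Clsid
}

# Placeholder: substitute the CLSID of the control you want to block.
$clsid = '{00000000-0000-0000-0000-000000000000}'
Set-KillBit -Clsid $clsid | Format-Table -AutoSize
```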

Update 1:

Acer has released a patch to address this issue. It is called "Acer Preload Security Patch for Windows XP" and can be downloaded here. The updated US-CERT vulnerability notice with information about the patch can be found here.