January 8, 2007 - 08:42 UTC - Tags: security Acer ActiveX
I can't say I'm a big fan of the software Acer ships with their laptops. A custom menubar in Windows taking 60 megabytes of memory? Encryption software that interferes when dragging and dropping files from explorer into MSN? No autoupdater? But last week I noticed some writing about an ActiveX control Acer ships with their software:
Computer World Article (in norwegian). This ActiveX control called lunchapp.ocx is actually a backdoor.
And today I found an article describing how terribly easy it is to exploit this control:
About Acer Notebook LunchApp.APlunch ActiveX Control..... By writing five lines of HTML code, you can actually run whatever application you want on the computer. This is truly a critical security error.
Update 17.01.2007:Acer has now issued a patch which removes this vulnerability.