dancy70
Premium
join:2005-01-29
Hudson, FL
 ·Verizon Online DSL
| reply to vircotto
Re: Acer puts Active X hole on laptops
I have an Acer Aspire 3000 series as a 2nd laptop and, sure enough, LunchApp was there. It tried to get the fix from Acer, but the site was really bogged down, or something, but the recommendation in one of the links listed on this board to deactivate the control by going to Tools - Internet Options - Programs - Manage Add-ons worked nicely. Since I use FF on all of my computers and use IE only for updates, it probably would have gone unnoticed for a few more years (I have had the computer now for over a year) but for this board.
It is interesting that a search for LunchApp, LApp, etc., even using the additional "fuzzy" options presented by Acer returned no documents 
TKU - Dan |
|
mers2
Premium,MVM
join:2004-03-20
USA
clubs: | reply to vircotto
Patched here without a problem as well. |
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs: | reply to vircotto
Ahh well, all patched.
Now I can sleep tonight.  |
|
javaMan
Premium,MVM
join:2002-07-15
San Luis Obispo, CA
| reply to jdong
said by jdong  :Someone posted on Digg a counter-attack that uses the exploit to unregister the exploitable ActiveX OCX How ironic.
--
Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20 |
|
jdong
Eat A Beaver, Save A Tree.
Premium
join:2002-07-09
Rochester, MI
clubs: 
| reply to vircotto
Someone posted on Digg a counter-attack that uses the exploit to unregister the exploitable ActiveX OCX
--
UbuntuForums Administrator: try Ubuntu Linux |
|
javaMan
Premium,MVM
join:2002-07-15
San Luis Obispo, CA
| reply to jabarnut
said by jabarnut :. . . Of course, now that it *is* well known, I sure hope everyone is able to patch their machines before the 'bad guys' (who also know about it now), start having some fun. LOL That was exactly my thought when I first read the article.
--
Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20 |
|
jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
4 edits | reply to vircotto
said by javaMan :...I think in reading about it there was a note somewhere that mentioned that it wasn't even being used anymore and apparently no one had bothered to follow up and remove it.... Yes, that's my take on this.
I really don't think there was any malicious intent way back when this poorly designed 'feature' was implemented, and it just sort of slipped through the cracks over the years.
In fact, it may have actually been thought useful or even 'innovative' at the time. 
(I don't recall too many people preaching about the dangers of ActiveX back then).
As shown, this has apparently been around since at least 1998 or earlier...10 or more years ago, yet it is only just now circulating around the web.
With a security hole as big as this one, you can be sure we would have heard of some serious problems (and a fix) long before now, had anyone been aware of it.
Of course, now that it *is* well known, I sure hope everyone is able to patch their machines before the 'bad guys' (who also know about it now), start having some fun.
--
I had a life once.....now I have a Computer and a Modem. |
|
FiL
Premium
join:2005-08-16
Silver Spring, MD
1 edit | reply to Name Game
stupid Acer... |
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
 ·Optimum Online
 ·Vonage
| reply to sharpy merc
said by sharpy merc :said by La Luna :I'm glad they at least patched this pretty quickly, once they were alerted to it. What do you mean alerted to it. They put it on the bloody thing in the first place! Kinda like "oops we forgot...Sorry people our bad." more like " Oh crap we got caught!" Tinfoil anyone?
Please read the article. 
--
~~Well, I think you're crazy, I think you're crazy, I think you're crazy, just like me...~~
|
|
javaMan
Premium,MVM
join:2002-07-15
San Luis Obispo, CA
| reply to sharpy merc
said by sharpy merc :said by La Luna :I'm glad they at least patched this pretty quickly, once they were alerted to it. What do you mean alerted to it. They put it on the bloody thing in the first place! Kinda like "oops we forgot...Sorry people our bad." more like " Oh crap we got caught!" I think in reading about it there was a note somewhere that mentioned that it wasn't even being used anymore and apparently no one had bothered to follow up and remove it. It was just being installed for no reason other than to serve as a possible vector for disastrous abuse. 
--
Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20 |
|
sharpy merc
join:2003-01-28
England
1 edit | reply to La Luna
said by La Luna :I'm glad they at least patched this pretty quickly, once they were alerted to it. What do you mean alerted to it. They put it on the bloody thing in the first place!
Kinda like "oops we forgot...Sorry people our bad."
more like " Oh crap we got caught!" |
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Optimum Online
·Vonage
| reply to javaMan
said by javaMan :said by La Luna :. . . This appears to be more of an error on their part, rather than a purposeful "malware" install. Certainly true but it does demonstrate the vulnerability inherent in ActiveX. Well, maybe not so much ActiveX as the trustworthiness of the those who use it. Which, in the end, is perhaps really the same thing. Well, I think most of us already knew about ActiveX vulnerabilities (didn't we? ).
I'm glad they at least patched this pretty quickly, once they were alerted to it.
--
~~Well, I think you're crazy, I think you're crazy, I think you're crazy, just like me...~~
|
|
javaMan
Premium,MVM
join:2002-07-15
San Luis Obispo, CA
| reply to jdong
said by jdong :. . . The hidden story I think is, lots of OEM's are bundling support apps that are meant to be used by tech support to take control of your computer to assist you, with permission. How safe are these implementations?  And it doesn't help when you have Dumb and Dumber doing your implementations. This was an especially ill conceived idea on someones part and it makes one wonder how many other bad ideas are lurking on OEM machines.
--
Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20 |
|
jdong
Eat A Beaver, Save A Tree.
Premium
join:2002-07-09
Rochester, MI
clubs:
| reply to vircotto
This is indeed a serious hole if exploitable (i.e. if one is using an ActiveX enabled browser with default security settings) -- it can be used to execute any command on behalf of the user. It can easily be modified to delete/format drives or files accessible by the user (in all cases, their Documents folder, in some cases, USB pen drive, hard drive, etc).
It can also be used to launch FTP.exe with a text script that downloads more exploits to run.
The current proof-of-concept is used to just launch calc.exe, but you can replace that call with any other command -- anything that your start->run dialog can do, this can do!
The hidden story I think is, lots of OEM's are bundling support apps that are meant to be used by tech support to take control of your computer to assist you, with permission. How safe are these implementations?
--
UbuntuForums Administrator: try Ubuntu Linux |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
1 edit | reply to vircotto
As a side note I did find info that there were programs installed by ACER that are in the add/remove and this other info on some of their functions..but could not tell you effect on the laptops if you removed them.
**********************************
»www.acer.co.th/product/travelmat···ager.htm
»forum.ccleaner.com/index.php?showtopic=8129
found in add/remove programs
Acer eManager for Notebook
Acer ePowerManagement
Acer GridVista
lmanager.exe is a process associated with Acer Launch Manager from Dritek System Inc..
U Launchboard lnchbrd.exe "LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions"
U LaunchApp Alaunch.exe Acer Launch tool utility on laptops
U LaunchAp LaunchAp.exe Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610
Author: Dritek System Inc.
Part Of: Acer Launch Manager
LManager.exe file information
The process Acer Launch Manager Keyboard Application belongs to the software Acer Launch Manager by Dritek System Inc (www.dritek.com.tw).
Description: File LManager.exe is located in a subfolder of "C:\Program Files". Known file sizes on Windows XP are 495616 bytes (50% of all occurrence), 483328 bytes, 471040 bytes.
There is an icon for this program on the taskbar next to the clock. It is not a Windows system file. Therefore the technical security rating is 24% dangerous.
Important: Some malware camouflage themselves as LManager.exe, particularly if they are located in c:\windows or c:\windows\system32 folder.
COMMENTS: A Windows 2000/XP Service Program for Acer eManager
COMPANY NAME: OSA Technologies Inc.
FILE ATTRIBUTES: Archive
FILE DESCRIPTION: Service Program for Acer eManager
FILE FOLDER: %ROOT%\acer\emanager
FILE NAME: anbmserv.exe
FILE SIZE: 1,287,168 KB
FILE VERSION: 3.0.5.8
LEGAL COPYRIGHT: Acer Inc. (c) 2004
LEGAL TRADEMARKS: Acer Empowering Technology
MD5 SIGNATURE: c10d0fae427ea464edea2ee5dc40f056
PRODUCT NAME: Acer eManager for Notebook
PRODUCT VERSION: 1.0
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/ |
|
Eldritch0
join:2005-12-24
Reisterstown, MD
| reply to vircotto
What do you expect from a manufacturer that puts out laptops with FAT32 and not NTFS? We deal with Acer laptops all the time. If I can get my hands on one sometime soon I'll look into this ActiveX hole.
--
"I hate to advocate drugs, alcohol, violence, or insanity to anyone, but they've always worked for me."-H.S. Thompson
Fact: Performing fellatio relieves menstrual cramps. |
|
javaMan
Premium,MVM
join:2002-07-15
San Luis Obispo, CA
| reply to La Luna
said by La Luna :. . . This appears to be more of an error on their part, rather than a purposeful "malware" install. Certainly true but it does demonstrate the vulnerability inherent in ActiveX. Well, maybe not so much ActiveX as the trustworthiness of the those who use it. Which, in the end, is perhaps really the same thing.
--
Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20 |
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Optimum Online
·Vonage
| reply to severach
said by severach :You can make your own disk for any brand. You only need to run that infested OEM install just long enough to grab a few things. My Acer doesn't have that malware. » www.msfn.org/board/index.php?showtopic=63258 Comparatively speaking, Acer puts a lot less crap on their OEM's than many other brands. They didn't even pre-install Norton AV that came with mine, like so many others do.
This appears to be more of an error on their part, rather than a purposeful "malware" install.
--
~~Well, I think you're crazy, I think you're crazy, I think you're crazy, just like me...~~
|
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Optimum Online
·Vonage
| reply to koocho
said by koocho :Acer have a patch up on their sites here Yes, we know.
said by fatness :
Update:
Meanwhile Acer provides an official security patch to remedy this problem.
--
~~Well, I think you're crazy, I think you're crazy, I think you're crazy, just like me...~~
|
|
severach
join:2002-09-12
Jackson, MI
| reply to jansson_mark
You can make your own disk for any brand. You only need to run that infested OEM install just long enough to grab a few things. My Acer doesn't have that malware.
»www.msfn.org/board/index.php?showtopic=63258 |
|
