fatness
subtle
Janitor
join:2000-11-17
fishing
·EarthLink

reply to Blackbird
Re: Acer puts Active X hole on laptops

»www.heise-security.co.uk/news/83426
quote:
Update:
Meanwhile Acer provides an official security patch to remedy this problem.
--
Me, I want a hula hoop..


vircotto

join:2002-06-04
Illinois

reply to vircotto
Thanks, fatness, for that link. (I couldn't find this on Acer's Pan-American site and now sections of that support site are generating ColdFusion errors when I try to view them.) I didn't think to look at their Euro site!

And thanks to the others, and esp. NG for being critical (in the good way!) and courteous.


La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Optimum Online
·Vonage


1 edit
reply to vircotto
Thank you fatness!

*sigh*

Guess I have to get this patch for my laptop. Has anyone looked at it yet? After unzipping, then what? I'm not on the laptop so I haven't downloaded it yet.


mers2
Premium,MVM
join:2004-03-20
USA
clubs:
·AT&T U-Verse

said by La Luna:

Thank you fatness!

*sigh*

Guess I have to get this patch for my laptop. Has anyone looked at it yet? After unzipping, then what? I'm not on the laptop so I haven't downloaded it yet.
Just downloaded it and checked the zip file. It's a single executable. "AcerAppFix.exe" which I haven't run yet. Will wait til after I'm done hosting the updates sticky tomorrow before updating in case it screws something up.
--
Team Discovery


lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
clubs:
 reply to fatness
Thanks for posting that

I executed it on my laptop last evening..with no problems to report at all.


Derspankster
Premium
join:2003-02-12
Marion, OH
Thanks for the post and link. I just downloaded and ran the patch.
--
I thought I made a mistake once but I was wrong


captokita
Premium
join:2005-02-22
Calabash, NC
reply to vircotto
Good grief. I'll have to grab that patch fatness posted.

Can you just uninstall the backweb-type stuff completely? I don't need, or really want, my laptop calling home to Acer (or anyone) for anything.


koma3504
Advocate
Premium
join:2004-06-22
North Richland Hills, TX

reply to vircotto
One more reason OEM manufacturers need to be forced to provide 3 things.
1. Windows Hologram CD
2. Driver CD
3. Software CD {i.e. all the trash programs that are forced on ya, i.e. Norton etc..... to be in compliance with their contracts.}

Like it used to be back in the day.
--
† Koma †
If You Don't Think It's Possible!! It's Actually A Reality!! The best way to predict the future is to invent it. Alan Kay!!
Ya Don't Know The signal Till Ya Ride It!!
Voice Break's There's Trouble!!


Derspankster
Premium
join:2003-02-12
Marion, OH
·RoadRunner Cable

said by koma3504:

One more reason OEM manufacturers need to be forced to provide 3 things.
1. Windows Hologram CD
2. Driver CD
3. Software CD {i.e. all the trash programs that are forced on ya, i.e. Norton etc..... to be in compliance with their contracts.}

Like it used to be back in the day.
Absolutely! But, how to make it happen? The only OEM machine I own is my laptop. If I could have built my own laptop, I would have. The only software that came with my Acer laptop were the 'restore' disks. Now, why would I want to restore it to the sorry state that it was shipped?
--
I thought I made a mistake once but I was wrong


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31


2 edits
reply to vircotto
Finally had a chance to test my Acer 5102, and the LunchApp.ocx did in fact reside in my Windows\System Folder.

And dated 1998 just like the original link by Tan Chew Keong:
»vuln.sg/acerlunchapp-en.html

I generally use Opera, but I tested it with IE7 and simply got a warning that it wanted to run.
And the simple test to launch Calc.exe (or any other .exe for that matter), is so simple it's downright scary.

Anyway, I played around with mine before I came back to this thread, so I didn't see the 'patch' offered by Acer until now.

Instead, I unregistered the file and then removed it as suggested in yet another article/'test' page that I came across.
»www.futt.org/?p=97#more-97

No adverse effects, and of course, no more 'warnings' on the test pages.

The only thing I haven't done yet is what was suggested in the last sentence of the above article:
quote:
Next, you should make one angry phone call to Acer for screwing you over like that...


--
I had a life once.....now I have a Computer and a Modem.
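
A read-only way to check a machine for the control discussed in the post above, as an added example that is not part of the original thread. The page gives no CLSID, so the script discovers any class registered against LunchApp.ocx; the extra folders it checks are an assumption, and the registry locations are the standard Windows ones for COM registration and Internet Explorer kill bits.

```powershell
# Added example (not from the thread): read-only audit for the LunchApp.ocx control.
# It reports findings only; nothing is unregistered or deleted.
$ocxName = 'LunchApp.ocx'    # file name as reported in the thread

# 1. Is the file on disk? The thread found it in Windows\System;
#    System32 and SysWOW64 are checked too (assumption: other images may differ).
$files = foreach ($dir in 'System', 'System32', 'SysWOW64') {
    $path = Join-Path (Join-Path $env:windir $dir) $ocxName
    if (Test-Path -LiteralPath $path) { Get-Item -LiteralPath $path }
}

# 2. Which COM classes are registered to load it? The page gives no CLSID,
#    so find every class whose InprocServer32 points at the file.
$clsidRoot = 'Registry::HKEY_CLASSES_ROOT\CLSID'
$classes = Get-ChildItem -LiteralPath $clsidRoot -ErrorAction SilentlyContinue |
    ForEach-Object {
        $key    = Join-Path $_.PSPath 'InprocServer32'
        $server = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
        if ($server -like "*$ocxName*") {
            [pscustomobject]@{ Clsid = $_.PSChildName; Server = $server }
        }
    }

# 3. Does Internet Explorer refuse to instantiate it? A "kill bit" is the
#    0x400 flag in the class's "Compatibility Flags" value under this key.
$killRoot = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$report = foreach ($c in $classes) {
    $kbKey = Join-Path $killRoot $c.Clsid
    $flags = (Get-ItemProperty -LiteralPath $kbKey -ErrorAction SilentlyContinue).'Compatibility Flags'
    [pscustomobject]@{
        Clsid      = $c.Clsid
        Server     = $c.Server
        KillBitSet = ($null -ne $flags) -and (($flags -band 0x400) -ne 0)
    }
}

if ($files)  { $files | Select-Object FullName, LastWriteTime, Length | Format-List }
else         { "No $ocxName found in the checked system folders." }
if ($report) { $report | Format-Table -AutoSize }
else         { "No COM class is registered against $ocxName." }
```

On 64-bit Windows, run it from 32-bit PowerShell as well, because 32-bit controls register under the WOW64 view of the registry. A file that is present with a registered class and no kill bit is the state the thread's patch or the unregister-and-remove step is meant to eliminate.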


koocho

@fastwebnet.it
reply to vircotto
Acer have a patch up on their sites
here

severach

join:2002-09-12
Jackson, MI

reply to jansson_mark
You can make your own disk for any brand. You only need to run that infested OEM install just long enough to grab a few things. My Acer doesn't have that malware.

»www.msfn.org/board/index.php?showtopic=63258


La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Optimum Online
·Vonage

reply to koocho
said by koocho :

Acer have a patch up on their sites
here
Yes, we know.

said by fatness :
Update:
Meanwhile Acer provides an official security patch to remedy this problem.
--
~~Well, I think you're crazy, I think you're crazy, I think you're crazy, just like me...~~



La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Optimum Online
·Vonage

reply to severach
said by severach:

You can make your own disk for any brand. You only need to run that infested OEM install just long enough to grab a few things. My Acer doesn't have that malware.

»www.msfn.org/board/index.php?showtopic=63258
Comparatively speaking, Acer puts a lot less crap on their OEM's than many other brands. They didn't even pre-install Norton AV that came with mine, like so many others do.

This appears to be more of an error on their part, rather than a purposeful "malware" install.
--
~~Well, I think you're crazy, I think you're crazy, I think you're crazy, just like me...~~



javaMan
Premium,MVM
join:2002-07-15
San Luis Obispo, CA

said by La Luna:

. . .

This appears to be more of an error on their part, rather than a purposeful "malware" install.
Certainly true but it does demonstrate the vulnerability inherent in ActiveX. Well, maybe not so much ActiveX as the trustworthiness of those who use it. Which, in the end, is perhaps really the same thing.
--
Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20


Eldritch0

join:2005-12-24
Reisterstown, MD

reply to vircotto
What do you expect from a manufacturer that puts out laptops with FAT32 and not NTFS? We deal with Acer laptops all the time. If I can get my hands on one sometime soon I'll look into this ActiveX hole.
--
"I hate to advocate drugs, alcohol, violence, or insanity to anyone, but they've always worked for me."-H.S. Thompson
Fact: Performing fellatio relieves menstrual cramps.


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC


1 edit
reply to vircotto
As a side note I did find info that there were programs installed by ACER that are in the add/remove and this other info on some of their functions..but could not tell you effect on the laptops if you removed them.

**********************************

»www.acer.co.th/product/travelmat···ager.htm

»forum.ccleaner.com/index.php?showtopic=8129

found in add/remove programs
Acer eManager for Notebook
Acer ePowerManagement
Acer GridVista

lmanager.exe is a process associated with Acer Launch Manager from Dritek System Inc..

U Launchboard lnchbrd.exe "LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions"
U LaunchApp Alaunch.exe Acer Launch tool utility on laptops
U LaunchAp LaunchAp.exe Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610

Author: Dritek System Inc.
Part Of: Acer Launch Manager

LManager.exe file information
The process Acer Launch Manager Keyboard Application belongs to the software Acer Launch Manager by Dritek System Inc (www.dritek.com.tw).

Description: File LManager.exe is located in a subfolder of "C:\Program Files". Known file sizes on Windows XP are 495616 bytes (50% of all occurrence), 483328 bytes, 471040 bytes.
There is an icon for this program on the taskbar next to the clock. It is not a Windows system file. Therefore the technical security rating is 24% dangerous.

Important: Some malware camouflage themselves as LManager.exe, particularly if they are located in c:\windows or c:\windows\system32 folder.

COMMENTS: A Windows 2000/XP Service Program for Acer eManager
COMPANY NAME: OSA Technologies Inc.
FILE ATTRIBUTES: Archive
FILE DESCRIPTION: Service Program for Acer eManager
FILE FOLDER: %ROOT%\acer\emanager
FILE NAME: anbmserv.exe
FILE SIZE: 1,287,168 KB
FILE VERSION: 3.0.5.8
LEGAL COPYRIGHT: Acer Inc. (c) 2004
LEGAL TRADEMARKS: Acer Empowering Technology
MD5 SIGNATURE: c10d0fae427ea464edea2ee5dc40f056
PRODUCT NAME: Acer eManager for Notebook
PRODUCT VERSION: 1.0
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/


jdong
Eat A Beaver, Save A Tree.
Premium
join:2002-07-09
Rochester, MI
clubs:

reply to vircotto
This is indeed a serious hole if exploitable (i.e. if one is using an ActiveX enabled browser with default security settings) -- it can be used to execute any command on behalf of the user. It can easily be modified to delete/format drives or files accessible by the user (in all cases, their Documents folder, in some cases, USB pen drive, hard drive, etc).

It can also be used to launch FTP.exe with a text script that downloads more exploits to run.

The current proof-of-concept is used to just launch calc.exe, but you can replace that call with any other command -- anything that your start->run dialog can do, this can do!

The hidden story I think is, lots of OEM's are bundling support apps that are meant to be used by tech support to take control of your computer to assist you, with permission. How safe are these implementations?
--
UbuntuForums Administrator: try Ubuntu Linux


javaMan
Premium,MVM
join:2002-07-15
San Luis Obispo, CA

said by jdong:

. . .

The hidden story I think is, lots of OEM's are bundling support apps that are meant to be used by tech support to take control of your computer to assist you, with permission. How safe are these implementations?
And it doesn't help when you have Dumb and Dumber doing your implementations. This was an especially ill-conceived idea on someone's part and it makes one wonder how many other bad ideas are lurking on OEM machines.
--
Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20


La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Optimum Online
·Vonage

reply to javaMan
said by javaMan:

said by La Luna:

. . .

This appears to be more of an error on their part, rather than a purposeful "malware" install.
Certainly true but it does demonstrate the vulnerability inherent in ActiveX. Well, maybe not so much ActiveX as the trustworthiness of those who use it. Which, in the end, is perhaps really the same thing.
Well, I think most of us already knew about ActiveX vulnerabilities (didn't we?).

I'm glad they at least patched this pretty quickly, once they were alerted to it.
--
~~Well, I think you're crazy, I think you're crazy, I think you're crazy, just like me...~~
