|
koocho to vircotto
Anon
2007-Jan-11 1:00 pm
to vircotto
Re: Acer puts Active X hole on laptopsAcer have a patch up on their sites here |
|
|
to jansson_mark
You can make your own disk for any brand. You only need to run that infested OEM install just long enough to grab a few things. My Acer doesn't have that malware. » www.msfn.org/board/index ··· ic=63258 |
|
La LunaFly With The Angels My Beloved Son Chris Premium Member join:2001-07-12 New Port Richey, FL
1 recommendation |
to koocho
said by koocho :Acer have a patch up on their sites here Yes, we know. said by fatness : Update: Meanwhile Acer provides an official security patch to remedy this problem.
|
|
La Luna
1 recommendation |
to severach
Comparatively speaking, Acer puts a lot less crap on their OEM's than many other brands. They didn't even pre-install Norton AV that came with mine, like so many others do. This appears to be more of an error on their part, rather than a purposeful "malware" install. |
|
javaManThe Dude abides. MVM join:2002-07-15 San Luis Obispo, CA |
said by La Luna:. . . This appears to be more of an error on their part, rather than a purposeful "malware" install. Certainly true but it does demonstrate the vulnerability inherent in ActiveX. Well, maybe not so much ActiveX as the trustworthiness of the those who use it. Which, in the end, is perhaps really the same thing. |
|
|
to vircotto
What do you expect from a manufacturer that puts out laptops with FAT32 and not NTFS? We deal with Acer laptops all the time. If I can get my hands on one sometime soon I'll look into this ActiveX hole. |
|
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI 1 edit |
to vircotto
As a side note I did find info that there were programs installed by ACER that are in the add/remove and this other info on some of their functions..but could not tell you effect on the laptops if you removed them.
**********************************
http://www.acer.co.th/product/travelmate/eManager.htm
http://forum.ccleaner.com/index.php?showtopic=8129
found in add/remove programs Acer eManager for Notebook Acer ePowerManagement Acer GridVista
lmanager.exe is a process associated with Acer Launch Manager from Dritek System Inc..
U Launchboard lnchbrd.exe "LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions" U LaunchApp Alaunch.exe Acer Launch tool utility on laptops U LaunchAp LaunchAp.exe Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610
Author: Dritek System Inc. Part Of: Acer Launch Manager
LManager.exe file information The process Acer Launch Manager Keyboard Application belongs to the software Acer Launch Manager by Dritek System Inc (www.dritek.com.tw).
Description: File LManager.exe is located in a subfolder of "C:\Program Files". Known file sizes on Windows XP are 495616 bytes (50% of all occurrence), 483328 bytes, 471040 bytes. There is an icon for this program on the taskbar next to the clock. It is not a Windows system file. Therefore the technical security rating is 24% dangerous.
Important: Some malware camouflage themselves as LManager.exe, particularly if they are located in c:\windows or c:\windows\system32 folder.
COMMENTS: A Windows 2000/XP Service Program for Acer eManager COMPANY NAME: OSA Technologies Inc. FILE ATTRIBUTES: Archive FILE DESCRIPTION: Service Program for Acer eManager FILE FOLDER: %ROOT%\acer\emanager FILE NAME: anbmserv.exe FILE SIZE: 1,287,168 KB FILE VERSION: 3.0.5.8 LEGAL COPYRIGHT: Acer Inc. (c) 2004 LEGAL TRADEMARKS: Acer Empowering Technology MD5 SIGNATURE: c10d0fae427ea464edea2ee5dc40f056 PRODUCT NAME: Acer eManager for Notebook PRODUCT VERSION: 1.0 |
|
jdongEat A Beaver, Save A Tree. Premium Member join:2002-07-09 Rochester, MI |
to vircotto
This is indeed a serious hole if exploitable (i.e. if one is using an ActiveX enabled browser with default security settings) -- it can be used to execute any command on behalf of the user. It can easily be modified to delete/format drives or files accessible by the user (in all cases, their Documents folder, in some cases, USB pen drive, hard drive, etc). It can also be used to launch FTP.exe with a text script that downloads more exploits to run. The current proof-of-concept is used to just launch calc.exe, but you can replace that call with any other command -- anything that your start->run dialog can do, this can do! The hidden story I think is, lots of OEM's are bundling support apps that are meant to be used by tech support to take control of your computer to assist you, with permission. How safe are these implementations? |
|
javaManThe Dude abides. MVM join:2002-07-15 San Luis Obispo, CA
1 recommendation |
said by jdong:. . . The hidden story I think is, lots of OEM's are bundling support apps that are meant to be used by tech support to take control of your computer to assist you, with permission. How safe are these implementations? And it doesn't help when you have Dumb and Dumber doing your implementations. This was an especially ill conceived idea on someones part and it makes one wonder how many other bad ideas are lurking on OEM machines. |
|
La LunaFly With The Angels My Beloved Son Chris Premium Member join:2001-07-12 New Port Richey, FL |
to javaMan
said by javaMan:said by La Luna:. . . This appears to be more of an error on their part, rather than a purposeful "malware" install. Certainly true but it does demonstrate the vulnerability inherent in ActiveX. Well, maybe not so much ActiveX as the trustworthiness of the those who use it. Which, in the end, is perhaps really the same thing. Well, I think most of us already knew about ActiveX vulnerabilities (didn't we? ). I'm glad they at least patched this pretty quickly, once they were alerted to it. |
|
1 edit |
said by La Luna:I'm glad they at least patched this pretty quickly, once they were alerted to it. What do you mean alerted to it. They put it on the bloody thing in the first place! Kinda like "oops we forgot...Sorry people our bad." more like " Oh crap we got caught!" |
|
javaManThe Dude abides. MVM join:2002-07-15 San Luis Obispo, CA |
said by sharpy merc:said by La Luna:I'm glad they at least patched this pretty quickly, once they were alerted to it. What do you mean alerted to it. They put it on the bloody thing in the first place! Kinda like "oops we forgot...Sorry people our bad." more like " Oh crap we got caught!" I think in reading about it there was a note somewhere that mentioned that it wasn't even being used anymore and apparently no one had bothered to follow up and remove it. It was just being installed for no reason other than to serve as a possible vector for disastrous abuse. |
|
La LunaFly With The Angels My Beloved Son Chris Premium Member join:2001-07-12 New Port Richey, FL |
to sharpy merc
said by sharpy merc:said by La Luna:I'm glad they at least patched this pretty quickly, once they were alerted to it. What do you mean alerted to it. They put it on the bloody thing in the first place! Kinda like "oops we forgot...Sorry people our bad." more like " Oh crap we got caught!" Tinfoil anyone? Please read the article. |
|
FiL25 Premium Member join:2005-08-16 Silver Spring, MD 1 edit |
to Name Game
stupid Acer... |
|
jabarnutLight Years Away Premium Member join:2005-01-22 Galaxy M31 4 edits |
to vircotto
said by javaMan:...I think in reading about it there was a note somewhere that mentioned that it wasn't even being used anymore and apparently no one had bothered to follow up and remove it.... Yes, that's my take on this. I really don't think there was any malicious intent way back when this poorly designed 'feature' was implemented, and it just sort of slipped through the cracks over the years. In fact, it may have actually been thought useful or even 'innovative' at the time. (I don't recall too many people preaching about the dangers of ActiveX back then). As shown, this has apparently been around since at least 1998 or earlier...10 or more years ago, yet it is only just now circulating around the web. With a security hole as big as this one, you can be sure we would have heard of some serious problems (and a fix) long before now, had anyone been aware of it. Of course, now that it *is* well known, I sure hope everyone is able to patch their machines before the 'bad guys' (who also know about it now), start having some fun. |
|
javaManThe Dude abides. MVM join:2002-07-15 San Luis Obispo, CA |
said by jabarnut:. . . Of course, now that it *is* well known, I sure hope everyone is able to patch their machines before the 'bad guys' (who also know about it now), start having some fun. LOL That was exactly my thought when I first read the article. |
|
jdongEat A Beaver, Save A Tree. Premium Member join:2002-07-09 Rochester, MI |
to vircotto
Someone posted on Digg a counter-attack that uses the exploit to unregister the exploitable ActiveX OCX |
|
javaManThe Dude abides. MVM join:2002-07-15 San Luis Obispo, CA |
said by jdong:Someone posted on Digg a counter-attack that uses the exploit to unregister the exploitable ActiveX OCX How ironic. |
|
La LunaFly With The Angels My Beloved Son Chris Premium Member join:2001-07-12 New Port Richey, FL |
to vircotto
Ahh well, all patched. Now I can sleep tonight. |
|
mers2 Premium Member join:2004-03-20 USA |
to vircotto
Patched here without a problem as well. |
|
dancy70 Premium Member join:2005-01-29 Mooresville, NC |
to vircotto
I have an Acer Aspire 3000 series as a 2nd laptop and, sure enough, LunchApp was there. It tried to get the fix from Acer, but the site was really bogged down, or something, but the recommendation in one of the links listed on this board to deactivate the control by going to Tools - Internet Options - Programs - Manage Add-ons worked nicely. Since I use FF on all of my computers and use IE only for updates, it probably would have gone unnoticed for a few more years (I have had the computer now for over a year) but for this board. It is interesting that a search for LunchApp, LApp, etc., even using the additional "fuzzy" options presented by Acer returned no documents TKU - Dan |
|