Security → Re: Acer puts Active X hole on laptops

Those with Acer computers might wish to check out this link to Heise Security:
»www.heise-security.co.uk ··· ws/83426

"Many Acer laptops have a dangerous backdoor, which can be used by websites to gain complete control over the laptop. The problem lies with the LunchApp.APlunch Active X control, which is installed by default and which heise Security found on all the Acer laptops it tested, including a brand new TravelMate, which happened to be in the c't editorial suite for testing. Visiting a test website, which was easily set up, started the Windows calculator on this system without user interaction.

The control, with class ID D9998BD0-7957-11D2-8FED-00606730D3AA, is marked as safe for scripting by the manufacturer, so that any website can call it and control it using JavaScript. Using the Run method, it would be possible to launch any program on the system at will, and even pass parameters to programs it is launching. ..."

Apparently, it's possibly been on Acer laptops dating to 1998.

"Even an Acer rep admitted to heise Security that it looked as if it had simply been forgotten. Removing it does not cause any loss of performance on the system tested."

»www.heise-security.co.uk ··· ws/83426

quote:

---

Update:
Meanwhile Acer provides an official security patch to remedy this problem.

---

Thanks for posting that

I executed it on my laptop last evening..with no problems to report at all.

Thanks for the post and link. I just downloaded and ran the patch.