dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
25
share rss forum feed


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..
reply to vircotto

Re: Acer puts Active X hole on laptops

Those with Acer computers might wish to check out this link to Heise Security:
»www.heise-security.co.uk/news/83426

"Many Acer laptops have a dangerous backdoor, which can be used by websites to gain complete control over the laptop. The problem lies with the LunchApp.APlunch Active X control, which is installed by default and which heise Security found on all the Acer laptops it tested, including a brand new TravelMate, which happened to be in the c't editorial suite for testing. Visiting a test website, which was easily set up, started the Windows calculator on this system without user interaction.

The control, with class ID D9998BD0-7957-11D2-8FED-00606730D3AA, is marked as safe for scripting by the manufacturer, so that any website can call it and control it using JavaScript. Using the Run method, it would be possible to launch any program on the system at will, and even pass parameters to programs it is launching. ..."

Apparently, it's possibly been on Acer laptops dating to 1998.

"Even an Acer rep admitted to heise Security that it looked as if it had simply been forgotten. Removing it does not cause any loss of performance on the system tested."
--
If God wanted us to work with electrons, He'd make them big enough to see...



fatness
subtle
Premium,ex-mod 01-13
join:2000-11-17
fishing
kudos:14

3 recommendations

»www.heise-security.co.uk/news/83426

quote:
Update:
Meanwhile Acer provides an official security patch to remedy this problem.
--
Me, I want a hula hoop..


lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
kudos:57

1 recommendation

Thanks for posting that

I executed it on my laptop last evening..with no problems to report at all.



Derspankster
Premium
join:2003-02-12
Marion, OH

Thanks for the post and link. I just downloaded and ran the patch.
--
I thought I made a mistake once but I was wrong