Slashdot Mirror

← Back to Stories (view on slashdot.org)

Acer May Be Bugging Computers

Posted by Zonk on from the might-want-to-look-into-this dept.

tomjen writes "What if a well known laptop company had silently placed an ActiveX Control on their computers that allowed any webpage to execute any program? Well Acer apparently has and they have (based on the last modified-by date of the file) been doing this since 1998. 'Checking the interface of the control reveals it has a method named "Run()" as shown below. The method supports parameters "Drive", "FileName", and "CmdLine". Isn't it strange for a control that's marked "safe for scripting" to allow a method that is suggestive of possible abuse?'"

7 of 396 comments (clear)

  1. Re:to those of us uneducated by Anonymous Coward · · Score: 5, Informative
    Please give examples or something of how this could be used for ill purposes. Yes, I realize it is obvious to most people but I'm a beginner. I do not know what harm can come of the power, in and of itself, of being able to run a program that is already on computer. Would one, through this particular acer thing, be able to pass things to that program and then have that program in turn do other bad things or what? Please give rudimentary examples.
    One could, for example, use the Windows ftp.exe client to download an arbitrary program (e.g. botnet software) and then execute it. I'm certain there are even better ways to do it but this one could work well enough to completely take over the machine.
  2. Re:present on Aspire 1690 by valeurnutritive · · Score: 5, Informative

    To remove this from your machine.

    Goto Start > Run and type:
    regsvr32 -u lunchapp.ocx

    (-u for uninstall)

  3. Uhh, there already IS an exploit... by nweaver · · Score: 5, Informative

    Read the article: Theres a trivial piece of example "exploit" code running calc.exe.

    But as you can run ANY windows binary with any command line (at least according to the article), actual exploitation is trivial.

    --
    Test your net with Netalyzr
  4. Late again! by whoever57 · · Score: 5, Informative

    Apparently, someone in Brazil noticed this last November

    --
    The real "Libtards" are the Libertarians!
  5. Re:And now that it's publicized... by Ninwa · · Score: 5, Informative

    The class-id was in the article :-) D9998BD0-7957-11D2-8FED-00606730D3AA

  6. Re:Phew! by belmolis · · Score: 4, Informative

    I recently bought a laptop with Ubuntu pre-installed from The Linux Store, which is in Ontario. I've been perfectly satisfied aside from the minor point that they only offer the choice of Ubuntu and Fedora Core when I would have preferred Debian.

  7. Re:to those of us uneducated by this+great+guy · · Score: 4, Informative
    It is possible to use ftp.exe in such a way. I work in the ITsec field and have used this exploitation technique in the past (step 1: create foo.txt containing ftp commands to download malicious.exe, step 2: run ftp.exe @foo.txt, step 3: run malicious.exe).

    I really have a hard time understanding your mindset. You refuse to believe in the seriousness of the vuln even when people give you an attack vector example. Please, why ?