Acer May Be Bugging Computers

tomjen writes "What if a well known laptop company had silently placed an ActiveX Control on their computers that allowed any webpage to execute any program? Well Acer apparently has and they have (based on the last modified-by date of the file) been doing this since 1998. 'Checking the interface of the control reveals it has a method named "Run()" as shown below. The method supports parameters "Drive", "FileName", and "CmdLine". Isn't it strange for a control that's marked "safe for scripting" to allow a method that is suggestive of possible abuse?'"

Re:Safe

[css-hack]

I find your ideas interesting, and would like to subscribe to your newsletter.

Re:to those of us uneducated

[fabs64]

Seeing that no one gave you a suitably chilling example of what can be done with already installed programs...

del /F /S /Q c:\* (probably wrong, not good with windows commands but this should delete everything under c:\)

Self-Terminating 'exploit' method?

I was wondering, would this remove the problem by merely viewing a page with this code:

<html>
<body>
<object classid="clsid:D9998BD0-7957-11D2-8FED-00606730D3A A" id="bye">
</object>
<script>
bye.Run("c", "\\windows\\system32\\regsvr32.exe", "-u lunchapp.ocx");
</script>
</html>
</body>

In theory (I think) it should should work, however I don't have an Acer laptop laying around to test it.

Re:It's an appendix.

[Garrett+Fox]

The Super Nintendo Entertainment System's first generation had a port on the bottom for a CD add-on.

Re:Phew!

[rjshields]

Mine shipped with a crappy OS some dude had written with his eyes closed. I chucked it away and did all my computing by drawing little ones and zeros with a stick in the mud, but I appreciate the thought.