Slashdot Mirror


Acer May Be Bugging Computers

tomjen writes "What if a well-known laptop company had silently placed an ActiveX Control on their computers that allowed any webpage to execute any program? Well, Acer apparently has, and they have (based on the last modified-by date of the file) been doing this since 1998. 'Checking the interface of the control reveals it has a method named "Run()" as shown below. The method supports parameters "Drive", "FileName", and "CmdLine". Isn't it strange for a control that's marked "safe for scripting" to allow a method that is suggestive of possible abuse?'"


  1. But dude... by Thaidog · · Score: 5, Funny

    They're Ferraris

    --

    ||| I still can't believe Parkay's not butter.

    1. Re:But dude... by Salvance · · Score: 5, Funny

      Sucks to be one of the bloggers who accepted an Acer ... sounds like Microsoft wasn't being nice at all, maybe they're just increasing their spy network.

      --
      Crack - Free with every butt and set of boobs
  2. Re:Phew! by BrainInAJar · · Score: 5, Funny

    Mine shipped with Linux, which I immediately wiped & installed FreeBSD, but I appreciate the thought

  3. Re:Phew! by gardyloo · · Score: 5, Funny

    Haha. I was just joking. I actually use mine by drilling through the case, and making and breaking a couple of connections between the motherboard and three "C" cells hooked in series with paperclips. Manually, beeyotch. Real men type in raw binary without the keyboard. But I appreciate the thought.

  4. Re:to those of us uneducated by Anonymous Coward · · Score: 5, Informative
    Please give examples or something of how this could be used for ill purposes. Yes, I realize it is obvious to most people but I'm a beginner. I do not know what harm can come of the power, in and of itself, of being able to run a program that is already on computer. Would one, through this particular acer thing, be able to pass things to that program and then have that program in turn do other bad things or what? Please give rudimentary examples.
    One could, for example, use the Windows ftp.exe client to download an arbitrary program (e.g. botnet software) and then execute it. I'm certain there are even better ways to do it but this one could work well enough to completely take over the machine.
  5. Re:Phew! by pboulang · · Score: 5, Funny
    I spend a hundred bucks on dinner sometimes, and that's just for me, not including the babe or the vino. Sheesh.
    Do you have to pay for the babe by the hour or is it a flat rate?
    --

    This comment is guaranteed*

    *not guaranteed

  6. Lessons learned... by Anonymous Coward · · Score: 5, Insightful

    1) Whenever possible, build your own.

    2) When you can't build your own (laptops), *always* re-install your OS after purchasing a new computer, and for God's sake use a real install CD and not the recovery one provided by the manufacturer.

  7. LunchApp.ocx by snicho99 · · Score: 5, Funny
    Don't panic. It's not a method for launching applications.

    The original article failed to notice that it's a Lunch application. It's actually a throwback to when Acer briefly partnered up with 180solutions to deliver targeted pop-under sandwiches to hungry laptop owners. The idea being that after seventeen hours of trying to uninstall Bonsai Buddy the computer user would be debilitated through starvation and susceptible receptive to sp(iced h)am.

    The program was abandoned when Acer's engineers failed to perfect the wasabi-over-ip protocol - leaving the whole system unreliable and prone to bagel overrun.

    --
    -Steve http://www.stevennicholson.com
  8. Re:present on Aspire 1690 by valeurnutritive · · Score: 5, Informative

    To remove this from your machine.

    Go to Start > Run and type:
    regsvr32 -u lunchapp.ocx

    (-u for uninstall)

  9. Uhh, there already IS an exploit... by nweaver · · Score: 5, Informative

    Read the article: There's a trivial piece of example "exploit" code running calc.exe.

    But as you can run ANY windows binary with any command line (at least according to the article), actual exploitation is trivial.

    --
    Test your net with Netalyzr
  10. Late again! by whoever57 · · Score: 5, Informative

    Apparently, someone in Brazil noticed this last November

    --
    The real "Libtards" are the Libertarians!
  11. Re:And now that it's publicized... by Joebert · · Score: 5, Funny

    Exactly, they're made by the Tooth Fairy & the Easter Bunny with the help of Santa's elves during their offseasons.

    --
    Wanna fight ? Bend over, stick your head up your ass, and fight for air.
  12. Re:And now that it's publicized... by Ninwa · · Score: 5, Informative

    The class-id was in the article :-) D9998BD0-7957-11D2-8FED-00606730D3AA
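
A defender's check for the control identified in this thread, as an added example that is not part of the original comments: it reports whether the CLSID is registered and marked safe for scripting, and can set the Internet Explorer kill bit as an alternative to `regsvr32 -u`. The registry locations and the 0x400 kill-bit flag are the standard Windows/IE conventions and are assumed here; the function names are hypothetical.

```powershell
# Added example. The CLSID is the one quoted in the thread; the registry paths
# are the standard COM / Internet Explorer locations (assumed, not Acer-specific).
$Clsid   = '{D9998BD0-7957-11D2-8FED-00606730D3AA}'
$SafeCat = @{   # component categories that mark a control as "safe"
    Scripting    = '{7DD95801-9882-11CF-9FA9-00AA006C08C4}'
    Initializing = '{7DD95802-9882-11CF-9FA9-00AA006C08C4}'
}
# A 32-bit OCX on 64-bit Windows registers under WOW6432Node, so check both views.
$Roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'

function Get-ControlStatus([string]$Clsid) {
    foreach ($root in $Roots) {
        $key = "$root\Classes\CLSID\$Clsid"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $srv  = Get-Item -LiteralPath "$key\InprocServer32" -ErrorAction SilentlyContinue
        $kill = Get-ItemProperty -ErrorAction SilentlyContinue `
            -LiteralPath "$root\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
        # Note: a control can also claim safety at run time through IObjectSafety,
        # so a missing category key does not prove the control is unscriptable.
        [pscustomobject]@{
            Hive             = $root
            Server           = if ($srv) { $srv.GetValue('') }
            SafeForScripting = Test-Path -LiteralPath "$key\Implemented Categories\$($SafeCat.Scripting)"
            SafeForInit      = Test-Path -LiteralPath "$key\Implemented Categories\$($SafeCat.Initializing)"
            KillBitSet       = [bool](([long]$kill.'Compatibility Flags') -band 0x400)
        }
    }
}

function Set-KillBit([string]$Clsid) {   # requires an elevated prompt
    foreach ($root in $Roots) {
        $base = "$root\Microsoft\Internet Explorer\ActiveX Compatibility"
        if (-not (Test-Path -LiteralPath $base)) { continue }
        $key = "$base\$Clsid"
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key | Out-Null }
        $old = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'Compatibility Flags'
        # 0x400 is the kill bit: Internet Explorer refuses to instantiate the control.
        New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
            -Value (([int]$old) -bor 0x400) -Force | Out-Null
    }
}

Get-ControlStatus $Clsid | Format-List
# Set-KillBit $Clsid    # uncomment to block the control in Internet Explorer
```

Unlike unregistering the OCX, the kill bit stays in effect if the control is registered again later.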

  13. Re:I'm not impressed with this IE7 "improvement" by suv4x4 · · Score: 5, Interesting

    You may be shocked to realize that Firefox plugins and extensions don't run in any sandbox at all. They in fact have access to any resource Firefox has, which on a Windows machine is usually administrator capabilities.

    So what was the beef with ActiveX again?

    Oh, and in Vista, IE7 runs in limited mode even on admin accounts, so ActiveX controls are limited too. Firefox so far doesn't take advantage of this.

    It's easy to open wide a big mouth and flame Microsoft, but the thing is: how is the competition better?

    I won't be surprised if all it's better about (in terms of security) is that it's less popular and thus less targeted by malware authors. We've seen some of this during the Firefox adoption boom, but I'm afraid IE7 might kill the further adoption of Firefox so I can prove it.

  14. Re:On behalf of Acer by sunwukong · · Score: 5, Insightful

    But do you know they haven't placed a rootkit on the preinstalled Linux?

  15. pre-owned? by BigBuckHunter · · Score: 5, Funny

    Kinda changes the definition of a "pre-owned" machine!

    BBH

  16. Re:present on Aspire 1690 by Staale+Nordlie · · Score: 5, Insightful

    Why not just create a website that will use this vulnerability to run this "unregister" command on our machines and eliminate the vulnerability? I copied the command posted by valeurnutritive into the html demonstration code from the article. Worked just fine as far as I can tell. It has a certain poetry to it. :)

    <html>
    <body>
    <object classid="clsid:D9998BD0-7957-11D2-8FED-00606730D3AA" id="hahaha">
    </object>
    <script>
    // Calls the control's Run() method to unregister the control itself
    hahaha.Run("c", "\\windows\\system32\\regsvr32.exe -u lunchapp.ocx", "");
    </script>
    </body>
    </html>
  17. Re:@mozilla.org/process/util;1 by h2g2bob · · Score: 5, Insightful

    Exactly, that's for extensions (and the browser itself) and is protected from execution by web pages. Exploits to either Firefox or its extensions or themes can lead to pwnage (same as any internet-capable program).

    The difference between ie activex and fx extensions is that firefox encourages you to go through addons.mozilla.org, for which all the extensions are reviewed (though I don't know how thoroughly) and update automatically (eg if exploits are found).

  18. (My Acer - Windows) + Windows + Linux = Good by 5of0 · · Score: 5, Funny

    Note: The following comments are legitimate information, designed to help people help themselves. I am not an Acer fanboy (I reserve that for SanDisk), but I like my laptop. YMMV.
    Actually, I have an Acer Aspire 1640. It's a nice machine for the $799 I got it for about 6 months ago. And Acer doesn't load a bunch of AOL/WildTangent/EarthLink/etc useless "applications" that are bundled because they can't stand on their own, like certain other manufacturers *cough*Dell*cough*HP*cough*. The few things that were bundled (counted on *maybe* 2 hands) were actually useful.
    Once I got to college (where I have access to $10 Win XP Pro discs) I wiped it, reinstalled Windows (gasp!) *and* Ubuntu Linux. Works great, and with 120GB HD, plenty of space for both OS's. The Windows works great, since it's very light (only Windows-only stuff, everything else is on Ubuntu+Wine).
    Hardware support on Linux is pretty decent. After some elbow grease, wireless, ethernet, widescreen, CPU power stepping, Sansa m250, even hardware buttons are working. Sound is the only thing I'm not sure about, output works fine, input seems finicky. I could probably fix it, but I don't care that much yet.

    So...I'm not that concerned. Besides, who uses Internet Explorer anyway?
    (That was sarcasm. I know the correct answer is "98% of everyone, luser!")
    (That was sarcasm too. I know the correct answer is really "No, it's 89%, n00b!!11!!BBQ!! Look at my fancy link!!")
    (Other appropriate comments include "I for one welcome our new Acer-invited overlords", "In soviet russia, computers bug Acer!", "I use lynx, you insensitive clod", "Ubuntu sux. [Insert Distro Name Here] is sooo, like, better because [insert unsubstantiated claim here].", etc., ad infinitum.)

    --
    You all have Oo.o and Firefox, so get World Wind.
  19. Re:Phew! by Dilaudid · · Score: 5, Funny

    Old? Hah I remember trolling by morse code back when slashdot was a ham radio channel.

  20. Re:Phew! by anticypher · · Score: 5, Funny

    I remember trolling by morse code back when slashdot was a ham radio channel.

    Youngsters these days. Back then it was called dashdot, it predated even radio, the oldest of us trolled with semaphores. With the introduction of electrickity, the whole telegraph scene took off. Then some guy named Morse forked the project and publicised the code as his own. It's been downhill ever since.

    Hitches up his braces, fires some chaw in the spittoon, waits for someone older to out-troll

    the AC

    --
    Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on