Create an Account
username: password:
 
  MemeStreams Logo

Possible backdoor in Acer laptops
search
Home Agent Weblogs Social Network Post Help About

Graham
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Graham's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
Current Events
Recreation
Local Information
Science
Society
Sports
Technology

support us

Get MemeStreams Stuff!


 
Possible backdoor in Acer laptops
Topic: Technology 8:52 am EST, Jan  9, 2007

Recently, I noticed that my Acer TravelMate 4150 notebook contains the LunchApp.APlunch ActiveX control, which is marked as "safe for scripting" and "safe for initializing from persistent data".
...
Checking the interface of the control reveals it has a method named "Run()" as shown below. The method supports parameters "Drive", "FileName", and "CmdLine". Isn't it strange for a control that's marked "safe for scripting" to allow a method that is suggestive of possible abuse?
...
It isn't long before I'm using this control from a webpage to execute arbitrary commands on my notebook when the page is loaded in IE6. And it's too simple....

From the site this has only been tested on two Acer laptops - the Acer Aspire 5600 and the Acer TravelMate 4150 - and both from Singapore, but if it is more widespread then this could be dangerous...

Possible backdoor in Acer laptops

Thread [2]


  
 
Powered By Industrial Memetics		RSS2.0