This huge hole in network security has been installed on board Acer laptops since 1998.
The exploit was found by Tan Chew Keong, who posted details on his blog. He smelt a rat when he noticed that his Acer TravelMate 4150 notebook contained a LunchApp.APlunch ActiveX control, which is marked as "safe for scripting" and "safe for initialising from persistent data".
Looking at the file, he discovered that the control is part of the suite of applications that is distributed by default on Acer notebooks. It has apparently been around since November 1998.
Keong has published an exploit which shows how a hacker can use the flaw to run any bit of code they like.
Those who disabled ActiveX when they upgraded to IE7 can rest easy. µ
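To check a machine for the control and the two "safe" markings described above, the following read-only PowerShell audit is an added example, not code from the article or from Keong's advisory. The function name Get-ActiveXSafetyReport is made up for this example; the ProgID is the one the article names, and the CLSID is resolved from the registry because the article does not give it.

```powershell
# Added example, not from the article: read-only audit of one ActiveX ProgID.
# A control can also claim safety at runtime through IObjectSafety, which a
# registry check like this one cannot see.
$CatSafeScripting = '{7DD95801-9882-11CF-9FA9-00AA006C4F8B}'  # CATID_SafeForScripting
$CatSafeInit      = '{7DD95802-9882-11CF-9FA9-00AA006C4F8B}'  # CATID_SafeForInitializing
$KillBit          = 0x400   # bit in "Compatibility Flags" that stops IE loading the control

function Get-ActiveXSafetyReport {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$ProgId)

    # Resolve ProgID -> CLSID; an absent key means the control is not registered.
    $clsidKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path -LiteralPath $clsidKey)) {
        return [pscustomobject]@{ ProgId = $ProgId; Registered = $false }
    }
    $clsid   = (Get-Item -LiteralPath $clsidKey).GetValue('')
    $clsRoot = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
    $catRoot = "$clsRoot\Implemented Categories"
    $compat  = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"

    # Binary that backs the control, if it is an in-process server.
    $server = $null
    if (Test-Path -LiteralPath "$clsRoot\InprocServer32") {
        $server = (Get-Item -LiteralPath "$clsRoot\InprocServer32").GetValue('')
    }

    # Read the kill bit; a missing key or value means it is not set.
    $flags = 0
    if (Test-Path -LiteralPath $compat) {
        $value = (Get-Item -LiteralPath $compat).GetValue('Compatibility Flags')
        if ($null -ne $value) { $flags = [int]$value }
    }

    [pscustomobject]@{
        ProgId              = $ProgId
        Registered          = $true
        Clsid               = $clsid
        Server              = $server
        SafeForScripting    = Test-Path -LiteralPath "$catRoot\$CatSafeScripting"
        SafeForInitializing = Test-Path -LiteralPath "$catRoot\$CatSafeInit"
        KillBitSet          = (($flags -band $KillBit) -ne 0)
    }
}

Get-ActiveXSafetyReport -ProgId 'LunchApp.APlunch' | Format-List
```

A result with Registered and either "safe" flag true and KillBitSet false means Internet Explorer will let a web page script the control. On 64-bit Windows, run it from the 32-bit PowerShell as well, since 32-bit controls are registered in the 32-bit registry view.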