Acer puts Active X hole on laptops

Security, it has heard of it

By Nick Farrell

Mon Jan 08 2007, 08:50

LAPTOP OUTFIT Acer seems to have placed an Active X control on its computers that seems to allow webpages to execute any program.

This huge hole in network security has been installed on board Acer lap-tops since 1998.

The exploit was found by Tan Chew Keong who posted details on his bog here. He smelt a rat when he noticed that his Acer TravelMate 4150 notebook contained a LunchApp.APlunch ActiveX control, which is marked as "safe for scripting" and "safe for initialising from persistent data".

Looking at the file he discovered its control is part of the suite of applications that is distributed by default in Acer notebooks. It has apparently been around since November 1998.

Keong has published an exploit which shows how a hacker can use the flaw to run any bit of code they like.

Those who have disabled ActiveX when they upgraded to IE7 can rest easy. µ

Newly patched Safari flaws pose serious risks A proof-of-concept remote code execution exploit is available Thursday, 13 October 2011, 11:26 AM Read more	McAfee warns of security holes in car computer systems Safety of drivers is threatened by car hacking Wednesday, 7 September 2011, 13:21 PM Read more
Wordpress blogs are at risk Hole found in a popular third-party script Wednesday, 3 August 2011, 15:11 PM Read more	Acer announces its Travelmate 5760 laptop Another laptop coming out next month Thursday, 23 June 2011, 11:09 AM Read more
Criminals hit Oracle flaws hard with Java exploits Windows OS exploits also increase Thursday, 12 May 2011, 17:42 PM Read more	RIM advises Blackberry owners to disable Javascript Protection against vulnerability found at Pwn2Own Wednesday, 16 March 2011, 10:33 AM Read more

< Previous article| Next article >

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

Information currently unavailable

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Acer puts Active X hole on laptops

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review

Databases

Network management

Security

Service oriented architecture

Storage