http://vuln.sg/acerlunchapp-en.html
I saw this via slashdot and as I own an Acer laptop, I was curious.
An active x control distributed by default on Acer laptops.
From the website.
" Checking the interface of the control reveals it has a method named "Run()" as shown below. The method supports parameters "Drive", "FileName", and "CmdLine". Isn't it strange for a control that's marked "safe for scripting" to allow a method that is suggestive of possible abuse?"
Also...
"It isn't long before I'm using this control from a webpage to execute arbitrary commands on my notebook when the page is loaded in IE6. And it's too simple..."
I had a look on my own laptop and sure enough, there it is. I will need to look into this a little more I feel and perhaps, in the future, steer myself away from Acer if need be.
skip to main |
skip to sidebar
Blog Archive
-
▼
2007
(184)
- ► 09/23 - 09/30 (1)
- ► 09/16 - 09/23 (1)
- ► 09/09 - 09/16 (1)
- ► 09/02 - 09/09 (1)
- ► 08/26 - 09/02 (1)
- ► 08/12 - 08/19 (2)
- ► 07/29 - 08/05 (3)
- ► 07/22 - 07/29 (4)
- ► 07/15 - 07/22 (5)
- ► 07/08 - 07/15 (2)
- ► 07/01 - 07/08 (6)
- ► 06/24 - 07/01 (4)
- ► 06/17 - 06/24 (7)
- ► 06/10 - 06/17 (2)
- ► 06/03 - 06/10 (4)
- ► 05/27 - 06/03 (14)
- ► 05/20 - 05/27 (4)
- ► 05/13 - 05/20 (2)
- ► 05/06 - 05/13 (9)
- ► 04/29 - 05/06 (6)
- ► 04/22 - 04/29 (6)
- ► 04/15 - 04/22 (5)
- ► 04/08 - 04/15 (7)
- ► 04/01 - 04/08 (5)
- ► 03/25 - 04/01 (6)
- ► 03/18 - 03/25 (5)
- ► 03/11 - 03/18 (6)
- ► 03/04 - 03/11 (1)
- ► 02/25 - 03/04 (7)
- ► 02/18 - 02/25 (6)
- ► 02/11 - 02/18 (11)
- ► 02/04 - 02/11 (10)
- ► 01/28 - 02/04 (6)
- ► 01/21 - 01/28 (5)
- ► 01/14 - 01/21 (9)
-
►
2006
(43)
- ► 12/31 - 01/07 (6)
- ► 12/24 - 12/31 (7)
- ► 12/17 - 12/24 (7)
- ► 12/10 - 12/17 (6)
- ► 12/03 - 12/10 (4)
- ► 11/26 - 12/03 (6)
- ► 11/19 - 11/26 (2)
- ► 11/12 - 11/19 (5)
No comments:
Post a Comment