Recently, I noticed that my Acer TravelMate 4150 notebook contains the LunchApp.APlunch ActiveX control, which is marked as "safe for scripting" and "safe for initializing from persistent data". ... Checking the interface of the control reveals it has a method named "Run()" as shown below. The method supports parameters "Drive", "FileName", and "CmdLine". Isn't it strange for a control that's marked "safe for scripting" to allow a method that is suggestive of possible abuse? ... It isn't long before I'm using this control from a webpage to execute arbitrary commands on my notebook when the page is loaded in IE6. And it's too simple....
From the site, this has only been tested on two Acer laptops - the Acer Aspire 5600 and the Acer TravelMate 4150 - both from Singapore, but if it is more widespread then this could be dangerous...
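The safety registration the post describes can be audited from the defender's side. The following PowerShell is an added example, not code from the post or from Acer: it resolves the control's ProgID to its CLSID, reports whether the control is registered as "safe for scripting" and "safe for initializing", and sets Internet Explorer's kill bit for it. Only the ProgID is taken from the post; the component-category GUIDs and the kill-bit registry location are standard Windows values.

```powershell
# Added example, not from the post or from Acer: audit the control named in the post by
# its ProgID and report IE's safety registration for it. Only the ProgID comes from the
# post; the category GUIDs and the kill-bit key are documented Windows/IE values.
$ProgId = 'LunchApp.APlunch'

$CATID_SafeForScripting    = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'
$CATID_SafeForInitializing = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'
$KillBitFlag = 0x400   # bit in "Compatibility Flags" that makes IE refuse the control
$CompatRoot  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Get-ActiveXSafetyReport {
    param([Parameter(Mandatory)][string]$ProgId)
    # Resolve ProgID -> CLSID via HKCR\<ProgID>\CLSID (default value)
    $clsidKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path $clsidKey)) {
        return [pscustomobject]@{ ProgId = $ProgId; Registered = $false }
    }
    $clsid = (Get-ItemProperty -Path $clsidKey).'(default)'
    $base  = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"

    # IE treats the control as "safe" when the category subkey exists under the CLSID
    $cats  = "$base\Implemented Categories"
    $flags = 0
    if (Test-Path "$CompatRoot\$clsid") {
        $flags = [int](Get-ItemProperty -Path "$CompatRoot\$clsid").'Compatibility Flags'
    }
    [pscustomobject]@{
        ProgId              = $ProgId
        Registered          = $true
        CLSID               = $clsid
        Server              = (Get-ItemProperty -Path "$base\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        SafeForScripting    = Test-Path "$cats\$CATID_SafeForScripting"
        SafeForInitializing = Test-Path "$cats\$CATID_SafeForInitializing"
        KillBitSet          = (($flags -band $KillBitFlag) -ne 0)
    }
}

function Set-ActiveXKillBit {
    # Mitigation: set the kill bit so IE will not instantiate the control from a web page
    param([Parameter(Mandatory)][string]$Clsid)
    $key = "$CompatRoot\$Clsid"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $current = [int](Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'Compatibility Flags'
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value ($current -bor $KillBitFlag) -Type DWord
}

$report = Get-ActiveXSafetyReport -ProgId $ProgId
$report | Format-List
if ($report.Registered -and -not $report.KillBitSet) { Set-ActiveXKillBit -Clsid $report.CLSID }
```

Run it in an elevated PowerShell; the kill bit is written only when the control is registered and not already blocked, and the report is printed either way.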