This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects an attempt to instantiate Acer LunchApp ActiveX Control in an unsafe manner.
Acer LunchApp.APlunch ActiveX is prone to a remote code-execution vulnerability.
Specifically, the control with a CLSID of D9998BD0-7957-11D2-8FED-00606730D3AA marks several dangerous methods as 'Safe for Scripting'. This includes the 'Run' method that can be used to execute arbitrary files. Remote attackers may use these methods to execute arbitrary code.
Exploiting this issue allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and possibly to compromise affected computers.
This issue affects Acer TravelMate 4150 and Acer Aspire 5600 notebooks with LunchApp.APlunch version 1.0.
- Acer Aspire 5600
- Acer LunchApp.APlunch 1.0
- Acer TravelMate 4150
- HP Storage Management Appliance 2.1
- Microsoft Internet Explorer 5.0.1 SP1, 5.0.1 SP2, 5.0.1 SP3, 5.0.1 SP4, 6.0, 6.0 SP1, 6.0 SP2, 7.0
Disabling Active Scripting in Internet Explorer or setting the kill bit on a specific CLSID will prevent a successful exploit of this vulnerability. Please see the referenced Microsoft advisory (927709) for more information on implementing workarounds.