1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Acer LunchApp Unsafe Method

HTTP Acer LunchApp Unsafe Method

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to instantiate Acer LunchApp ActiveX Control in an unsafe manner.

Additional Information

Acer LunchApp.APlunch ActiveX is prone to a remote code-execution vulnerability.

Specifically, the control with a CLSID of D9998BD0-7957-11D2-8FED-00606730D3AA marks several dangerous methods as 'Safe for Scripting'. This includes the 'Run' method that can be used to execute arbitrary files. Remote attackers may use these methods to execute arbitrary code.

Exploiting this issue allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and possibly to compromise affected computers.

This issue affects Acer TravelMate 4150 and Acer Aspire 5600 notebooks with LunchApp.APlunch version 1.0.

Affected

  • Acer Aspire 5600
  • Acer LunchApp.APlunch 1.0
  • Acer TravelMate 4150
  • HP Storage Management Appliance 2.1
  • Microsoft Internet Explorer 5.0.1 SP1, 5.0.1 SP2, 5.0.1 SP3, 5.0.1 SP4, 6.0, 6.0 SP1, 6.0 SP2, 7.0

Response

Disabling Active Scripting in Internet Explorer or setting the kill bit on a specific CLSID will prevent a successful exploit of this vulnerability. Please see the referenced Microsoft advisory (927709) for more information on implementing workarounds.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube