NEWS FROM THE LAB - Tuesday, January 9, 2007

Preloaded Vulnerability Posted by Kamil @ 09:14 GMT

Acer Ferrari

Yesterday, we tested a library taken from a Acer computer. It's very common that vendors sell machines with preloaded applications and system components of their own. The library, named LunchApp.ocx, is probably supposed to help with browsing the vendor's website, enable easy updates and such – it turns out… it also makes all those machines vulnerable to a specially crafted html file that could instantly download malicious file(s) onto the user's machine and then execute them. It gets even better… Acer enabled "safe for scripting" on that ActiveX library so you wouldn't even see when it's used.

It would be nice if Acer (and other vendors) thought twice before providing a "feature" like this in the future.