Acer's Vulnerability Hotfix

• GSL

  17 Jan 07, 15:23

  There's an update for the Acer ActiveX component vulnerability
  
  Details can be found via US-CERT. The patch is named "Acer Preload Security Patch for Windows XP" and can be found here.
  
  
• GSL

  17 Jan 07, 15:25

  More detail about the vulnerability:
  
  It's very common that vendors sell machines with preloaded applications and system components of their own. The library, named LunchApp.ocx, is probably supposed to help with browsing the vendor's website, enable easy updates and such – it turns out… it also makes all those machines vulnerable to a specially crafted html file that could instantly download malicious file(s) onto the user's machine and then execute them. It gets even better… Acer enabled "safe for scripting" on that ActiveX library so you wouldn't even see when it's used.