Acer 'preloads vulns' onto notebooks
Ripe for exploitation
10th January 2007 18:49 GMT
Acer has been called out for pre-loading a vulnerability on its notebooks.
A library file, called LunchApp.ocx, on the devices is set up to turn on the "safe for scripting" feature that means users are more vulnerable to ActiveX exploits. The "feature," designed to make it easier to browser Acer's site means systems can download potentially malicious Active X controls, without warning, if they happen to stray onto websites controlled by hackers.
This reduction in security defences was uncovered by security researchers at anti-virus firm F-Secure during testing of the LunchApp.ocx library, as explained here.
Acer is yet to respond to our requests for comment. ®
Register Hardware » News » PCs
Print
Retweet
Apple iMac All-In-One Desktop (3.06GHz Intel Core 2 Duo, 4GB DDR2, 1TB, DVD+-RW DL, Mac OS X v10.5 Snow Leopard, 27" LCD)
HP (Hewlett-Packard) Pavilion p6210f Mini-Tower Desktop (2.6GHz Athlon II X4 620, 6GB DDR2, 640GB HDD, DVD±RW DL, Windows 7 Home Premium)
HP (Hewlett-Packard) Compaq Presario CQ5210F Mini-Tower Desktop (2.7GHz Athlon 64 X2 215, 3GB DDR2, 500GB, DVD±RW DL, Windows 7 Home Premium)
Apple iMac All-In-One Desktop (3.06GHz Intel Core 2 Duo, 4GB DDR2, 500GB, DVD+-RW DL, Mac OS X v10.5 Snow Leopard, 21.5" LCD)
Acer SX2800 SFF Core 2 Quad Q8200 2.33GHz/4MBL2/4GB/640GB/SuperMulti/GigNIC/W7HP64
