Acer LunchApp.APlunch ActiveX Arbitrary Command Execution

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that allows arbitrary
code execution.

Description :

The remote host contains an ActiveX control from Acer called
LunchApp.APlunch that is reportedly shipped with notebook computers
from that manufacturer and is marked as 'safe for scripting' and 'safe
for initializing from persistent data'. By tricking a user on the
affected host into visiting a specially crafted web page, an attacker
can pass arbitrary commands to the 'Run' method that will be executed
on the remote host subject to the user's privileges.
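
The following read-only registry audit is an added example, not part of the Nessus plugin or the vendor advisory. It resolves the ProgID named above to its CLSID and reports whether the control is registered, which safety categories it declares, and whether the Internet Explorer kill bit is set; the function and variable names are hypothetical.

```powershell
# Added example: read-only audit for the ActiveX control named in this advisory.
$ProgId  = 'LunchApp.APlunch'   # ProgID taken from the advisory text
$KillBit = 0x400                # kill-bit value in the "Compatibility Flags" DWORD
# Standard COM component categories that mark a control as safe for web content.
$SafetyCategories = @{
    '{7DD95801-9882-11CF-9FA9-00AA00A06FAB}' = 'safe for scripting'
    '{7DD95802-9882-11CF-9FA9-00AA00A06FAB}' = 'safe for initializing'
}
# Native and 32-bit (WOW6432Node) views of the CLSID and kill-bit roots.
$Views = @(
    @{ Name   = 'native'
       Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Name   = 'wow64'
       Clsid  = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID'
       Compat = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

function Get-ActiveXExposure {
    param([Parameter(Mandatory)][string]$ProgId)

    # Machine-wide registration only; per-user (HKCU) registrations are not checked.
    $progKey = "HKLM:\SOFTWARE\Classes\$ProgId\CLSID"
    if (-not (Test-Path -LiteralPath $progKey)) { return }   # control not registered
    $clsid = (Get-Item -LiteralPath $progKey).GetValue('')

    foreach ($v in $Views) {
        $classKey = Join-Path $v.Clsid $clsid
        if (-not (Test-Path -LiteralPath $classKey)) { continue }

        # A control can also assert safety at run time through IObjectSafety,
        # which the registry does not show; an empty list here is not proof of safety.
        $marked = foreach ($catid in $SafetyCategories.Keys) {
            if (Test-Path -LiteralPath "$classKey\Implemented Categories\$catid") {
                $SafetyCategories[$catid]
            }
        }

        $flags = 0
        $compatKey = Join-Path $v.Compat $clsid
        if (Test-Path -LiteralPath $compatKey) {
            $flags = [int](Get-Item -LiteralPath $compatKey).GetValue('Compatibility Flags', 0)
        }

        [pscustomobject]@{
            View       = $v.Name
            CLSID      = $clsid
            MarkedSafe = ($marked -join ', ')
            KillBitSet = (($flags -band $KillBit) -ne 0)
        }
    }
}

Get-ActiveXExposure -ProgId $ProgId | Format-Table -AutoSize
```

No output means the ProgID is not registered machine-wide on the host. A row with `MarkedSafe` populated and `KillBitSet` false is the exposed configuration the description refers to.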

See also :

http://vuln.sg/acerlunchapp-en.html
http://support.acer-euro.com/drivers/utilities.html#APP

Solution :

Run the security patch referenced in the vendor advisory above.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 24012 (acer_lunchapp_activex_code_exec.nasl)

Bugtraq ID: 21207

CVE ID: CVE-2006-6121
