Acer AcerCtrls.APlunch ActiveX Arbitrary Command Execution

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that allows arbitrary
code execution.

Description :

The remote host contains an ActiveX control from Acer called
'AcerCtrls.APlunch'. If this control is distributed with the
appropriate 'Implemented Categories' registry key, it may be marked as
safe for scripting. This would allow a web page in Internet Explorer to
call the control's 'Run()' method. A remote attacker could exploit this
by tricking a user into visiting a malicious web page that executes
arbitrary commands.

Please note this vulnerability is similar to, but different from
CVE-2006-6121. This control has different parameters and uses a
different CLSID.

Solution :

No patch is available at this time. Disable this ActiveX control by
setting the kill bit for the related CLSID. Refer to the CERT advisory
for more information.
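
The check and the mitigation described above, as an added PowerShell example (not Tenable's plugin code and not taken from the CERT advisory). The CLSID is a placeholder because this page does not list it, and the function names are hypothetical. The safe-for-scripting category ID and the 0x400 'Compatibility Flags' kill bit are the standard Windows values.

```powershell
# Added example, not the plugin's code. PLACEHOLDER CLSID: take the real one from the CERT advisory.
$Clsid = '{00000000-0000-0000-0000-000000000000}'
$CatSafeForScripting = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForScripting
$KillBit = 0x400                                                  # kill bit in "Compatibility Flags"
$Views = 'SOFTWARE', 'SOFTWARE\Wow6432Node'                       # native and 32-bit registry views

function Get-CompatFlags {           # hypothetical helper: current flags, 0 if none are set
    param([string]$Key)
    $p = Get-ItemProperty -LiteralPath $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($p) { [int]$p.'Compatibility Flags' } else { 0 }
}

function Get-ActiveXExposure {       # hypothetical name: report state, change nothing
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($view in $Views) {
        $class  = "HKLM:\$view\Classes\CLSID\$Clsid"
        $compat = "HKLM:\$view\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
        [pscustomobject]@{
            View             = $view
            Registered       = Test-Path -LiteralPath $class
            SafeForScripting = Test-Path -LiteralPath "$class\Implemented Categories\$CatSafeForScripting"
            KillBitSet       = ((Get-CompatFlags $compat) -band $KillBit) -ne 0
        }
    }
}

function Set-ActiveXKillBit {        # hypothetical name: needs an elevated session
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($view in $Views) {
        $root = "HKLM:\$view\Microsoft\Internet Explorer"
        if (-not (Test-Path -LiteralPath $root)) { continue }   # e.g. no Wow6432Node on 32-bit Windows
        $compat = "$root\ActiveX Compatibility\$Clsid"
        if (-not (Test-Path -LiteralPath $compat)) { New-Item -Path $compat -Force | Out-Null }
        # OR the bit in so any other compatibility flags already present are preserved
        $flags = (Get-CompatFlags $compat) -bor $KillBit
        New-ItemProperty -LiteralPath $compat -Name 'Compatibility Flags' -PropertyType DWord `
            -Value $flags -Force | Out-Null
    }
}

Get-ActiveXExposure -Clsid $Clsid | Format-Table -AutoSize
# Set-ActiveXKillBit -Clsid $Clsid   # uncomment to apply, then re-run the report
```

The report covers machine-wide (HKLM) registrations only. A host where a view shows SafeForScripting as True and KillBitSet as False is in the exposed state the description refers to.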

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.4
(CVSS2#E:F/RL:W/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 40666 (acer_acerctrls_aplunch_cmd_exec.nasl)

Bugtraq ID: 36068

CVE ID: CVE-2009-2627
