Acer AcerCtrls.APlunch ActiveX Arbitrary Command Execution

High Nessus Plugin ID 40666


The remote Windows host has an ActiveX control that allows arbitrary code execution.


The remote host contains an ActiveX control from Acer called 'AcerCtrls.APlunch'. If this control is distributed with the appropriate 'Implemented Categories' registry key, it may be marked as safe for scripting. This would allow a web page in Internet Explorer to call the control's 'Run()' method. A remote attacker could exploit this by tricking a user into visiting a malicious web page that executes arbitrary commands.

Please note that this vulnerability is similar to, but different from, CVE-2006-6121. This control has different parameters and uses a different CLSID.


No patch is available at this time. Disable this ActiveX control by setting the kill bit for the related CLSID. Refer to the CERT advisory for more information.
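To confirm the mitigation on a host, the following added example (not part of the Nessus plugin or the CERT advisory) audits the text of a `reg export` for the two registry conditions described above: the safe-for-scripting category under 'Implemented Categories' and the kill bit in 'Compatibility Flags'. The CLSID is an all-zero placeholder because this page does not list it, and the two sample exports are constructed.

```python
import re

# Placeholder CLSID: the page does not list it; take the real one from the CERT advisory.
CLSID = "{00000000-0000-0000-0000-000000000000}"
CATID_SAFE_FOR_SCRIPTING = "{7DD95801-9882-11CF-9FA9-00AA006C42C4}"
KILL_BIT = 0x400  # bit in the "Compatibility Flags" DWORD
COMPAT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

def parse_reg(text):
    """Parse .reg export text into {KEY_PATH_UPPERCASE: {value_name_lowercase: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def audit(text, clsid=CLSID):
    """Report registration, safe-for-scripting marking and kill bit state for one CLSID."""
    keys, clsid = parse_reg(text), clsid.upper()
    class_key = "HKEY_CLASSES_ROOT\\CLSID\\" + clsid
    safe_key = class_key + "\\IMPLEMENTED CATEGORIES\\" + CATID_SAFE_FOR_SCRIPTING
    raw = keys.get(COMPAT.upper() + "\\" + clsid, {}).get("compatibility flags", "")
    flags = int(raw[6:], 16) if raw.lower().startswith("dword:") else 0
    result = {
        "registered": any(k == class_key or k.startswith(class_key + "\\") for k in keys),
        "safe_for_scripting": safe_key in keys,
        "kill_bit": bool(flags & KILL_BIT),
    }
    # Finding: the control is installed and Internet Explorer may still instantiate it.
    result["needs_kill_bit"] = result["registered"] and not result["kill_bit"]
    return result

# Constructed sample exports (not taken from a real host).
BEFORE = "\n".join([
    "Windows Registry Editor Version 5.00",
    "[HKEY_CLASSES_ROOT\\CLSID\\" + CLSID + "\\Implemented Categories\\" + CATID_SAFE_FOR_SCRIPTING + "]",
])
AFTER = BEFORE + "\n" + "\n".join([
    "[" + COMPAT + "\\" + CLSID + "]",
    '"Compatibility Flags"=dword:00000400',
])

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

Files written by `reg export` are UTF-16, so decode them before passing the text to `audit()`. On 64-bit Windows the 32-bit Internet Explorer reads the kill bit from the matching key under `SOFTWARE\Wow6432Node`, so that view needs the same check.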

Plugin Details

Severity: High

ID: 40666

File Name: acer_acerctrls_aplunch_cmd_exec.nasl

Version: $Revision: 1.14 $

Type: local

Agent: windows

Family: Windows

Published: 2009/08/21

Modified: 2014/04/21

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:W/RC:ND

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2009/08/18

Reference Information

CVE: CVE-2009-2627

BID: 36068

OSVDB: 57201

CERT: 485961

Secunia: 36343

CWE: 94