Acer AcerCtrls.APlunch ActiveX Arbitrary Command Execution

high Nessus Plugin ID 40666


Synopsis

The remote Windows host has an ActiveX control that allows arbitrary code execution.


Description

The remote host contains an ActiveX control from Acer called 'AcerCtrls.APlunch'. If this control is distributed with the appropriate 'Implemented Categories' registry key, it may be marked as safe for scripting. This would allow a web page in Internet Explorer to call the control's 'Run()' method. A remote attacker could exploit this by tricking a user into visiting a malicious web page that executes arbitrary commands.

Please note that this vulnerability is similar to, but different from, CVE-2006-6121. This control has different parameters and uses a different CLSID.


Solution

No patch is available at this time. Disable this ActiveX control by setting the kill bit for the related CLSID. Refer to the CERT advisory for more information.
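To confirm on a given host whether the control is registered, marked safe for scripting, and already kill-bitted, a read-only registry audit such as the following can be used. This is an added example, not part of the Nessus plugin; the function name Get-ActiveXExposure is hypothetical, and because this page does not list the CLSID, the script resolves it from the ProgID or accepts one as a parameter.

```powershell
# Added example: read-only audit of one ActiveX control. Makes no changes.
function Get-ActiveXExposure {
    param(
        [string]$ProgId = 'AcerCtrls.APlunch',  # ProgID named in the description
        [string]$Clsid                          # optional, e.g. '{...}'; not listed on this page
    )

    # Resolve ProgID -> CLSID unless the caller supplied one.
    if (-not $Clsid) {
        $progKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
        if (Test-Path -LiteralPath $progKey) {
            $Clsid = (Get-Item -LiteralPath $progKey).GetValue('')  # default value
        }
    }
    if (-not $Clsid) {
        return [pscustomobject]@{ ProgId = $ProgId; Registered = $false }
    }

    # Category ID that marks a control "safe for scripting" in the registry.
    $safeForScripting = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'

    # 32-bit controls on 64-bit Windows live under Wow6432Node, so check both views.
    $views = @(
        @{ Name = 'native'; Classes = 'HKEY_CLASSES_ROOT\CLSID'
           Software = 'HKEY_LOCAL_MACHINE\SOFTWARE' },
        @{ Name = 'wow64';  Classes = 'HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
           Software = 'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node' }
    )
    foreach ($v in $views) {
        $clsKey  = "Registry::$($v.Classes)\$Clsid"
        $killKey = "Registry::$($v.Software)\Microsoft\Internet Explorer" +
                   "\ActiveX Compatibility\$Clsid"
        $flags = 0
        if (Test-Path -LiteralPath $killKey) {
            $flags = [int](Get-Item -LiteralPath $killKey).GetValue('Compatibility Flags', 0)
        }
        [pscustomobject]@{
            ProgId           = $ProgId
            Clsid            = $Clsid
            View             = $v.Name
            Registered       = (Test-Path -LiteralPath $clsKey)
            SafeForScripting = (Test-Path -LiteralPath "$clsKey\Implemented Categories\$safeForScripting")
            KillBitSet       = (($flags -band 0x400) -ne 0)  # 0x400 is the kill bit
        }
    }
}

Get-ActiveXExposure | Format-Table -AutoSize
```

A control can also declare itself safe at run time through IObjectSafety, which this registry check does not see, so a row with Registered true and KillBitSet false should be treated as exposed regardless of the SafeForScripting column.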

Plugin Details

Severity: High

ID: 40666

File Name: acer_acerctrls_aplunch_cmd_exec.nasl

Version: 1.15

Type: local

Agent: windows

Family: Windows

Published: 8/21/2009

Updated: 6/27/2018

Supported Sensors: Nessus Agent

Risk Information


VPR

Risk Factor: Medium

Score: 5.9


CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/18/2009

Reference Information

CVE: CVE-2009-2627

BID: 36068

CERT: 485961

Secunia: 36343

CWE: 94