Signature Detail
Short Name |
HTTP:STC:CLSID:ACTIVEX:ACER-OBJ |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop Packet |
Category |
HTTP |
Keywords |
Acer LunchApp.APlunch ActiveX Remote Code Execution |
Release Date |
2006/12/08 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Acer LunchApp.APlunch ActiveX Remote Code Execution
This signature detects attempts to exploit a known vulnerability in Acer. An attacker can create a malicious Web site containing dangerous ActiveX calls using the LunchApp.APlunch member, which if accessed by a victim, allows the attacker to gain control of the client system by remotely executing commands.
Extended Description
Acer LunchApp.APlunch ActiveX is prone to a remote code-execution vulnerability. Exploiting this issue allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and possibly to compromise affected computers. This issue affects Acer TravelMate 4150 and Acer Aspire 5600 notebooks with LunchApp.APlunch version 1.0.
Affected Products
- Acer Aspire 5600
- Acer LunchApp.APlunch 1.0
- Acer TravelMate 4150
- HP Storage Management Appliance 2.1
- Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Internet Explorer 5.0.1 SP3
- Microsoft Internet Explorer 5.0.1 SP4
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 SP1
- Microsoft Internet Explorer 7.0
References
- BugTraq: 21207
- CVE: CVE-2006-6121
- URL: http://www.frsirt.com/english/advisories/2006/4602
- URL: http://vuln.sg/acerlunchapp-en.html