According to a recent research, all Acer laptops manufactured from 1998 to 2006 have a security flaw that allows attackers to gain unauthorized access to the system and control it remotely via the Internet.
A vulnerability was found in proprietary ActiveX control shipped with all Acer laptops. That control can be used by company support for troubleshooting of certain system problems occurred on remote client’s computer. However, hackers have found a way of using it too.
lunchapp.ocx, that’s the control’s name, is accessible from the Internet while surfing with Internet Explorer. A specially crafted malicious code hosted on attacker’s web site can run the vulnerable control without asking for user permission or even notifying him. All the attacker has to do is to lure the user to his site.
Users surfing the web with alternative web browsers such as Mozilla Firefox or Opera cannot be affected, as these browsers do not support ActiveX, a Microsoft’s technology. Internet Explorer 7, unlike previous browser versions, won’t run the control silently. It will ask the user first. However, as the control’s name is legit, many users can allow it.
Currently, no patch exists. The best way to protect yourself is disabling launchapp.ocx or even removing it from the system. The latter is not recommended, though.
To disable the control click Start > Run… and type in regsvr32 -u launchapp.ocx
To see if your system is vulnerable, use the Windows Search tool to search for the launchapp.ocx file.
