Computer maker Acer has shipped its notebook computers with an ActiveX control that lets any Web site install software on the machine, security researchers warned this week.
The ActiveX control--named LunchApp.ocx--appears to be a way for the company to easily update customer laptops, but also allows others to do the same thing, antivirus firm F-Secure stated in a blog post on Tuesday. The security problem, first discovered in November by security researcher Tan Chew Keong, was confirmed by antivirus F-Secure.
"The library, named LunchApp.ocx, is probably supposed to help with browsing the vendor's website, enable easy updates and such," wrote F-Secure's research team. "It turns out it also makes all those machines vulnerable to a specially crafted HTML file that could instantly download malicious file(s) onto the user's machine and then execute them."
No comments:
Post a Comment