Acer AcerCtrls.APlunch ActiveX Arbitrary Command Execution

high Nessus Plugin ID 40666

Synopsis

The remote Windows host has an ActiveX control that allows arbitrary code execution.

Description

The remote host contains an ActiveX control from Acer called 'AcerCtrls.APlunch'. If this control is distributed with the appropriate 'Implemented Categories' registry key, it may be marked as safe for scripting. This would allow a web page in Internet Explorer to call the control's 'Run()' method. A remote attacker could exploit this by tricking a user into visiting a malicious web page that executes arbitrary commands.

Please note this vulnerability is similar to, but different from CVE-2006-6121. This control has different parameters and uses a different CLSID.

Solution

No patch is available at this time. Disable this ActiveX control by setting the kill bit for the related CLSID. Refer to the CERT advisory for more information.

Plugin Details

Severity: High

ID: 40666

File Name: acer_acerctrls_aplunch_cmd_exec.nasl

Version: 1.15

Type: local

Agent: windows

Family: Windows

Published: 8/21/2009

Updated: 6/27/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/18/2009

Reference Information

CVE: CVE-2009-2627

BID: 36068

CWE: 94

CERT: 485961

Secunia: 36343