Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:12085
HistoryAug 21, 2009 - 12:00 a.m.

Acer AcerCtrls.APlunch ActiveX控件不安全方式调用漏洞

2009-08-2100:00:00
Root
www.seebug.org
9

0.026 Low

EPSS

Percentile

90.4%

JSON

CVE(CAN) ID: CVE-2009-2627

AcerCtrls.APlunch是Acer笔记本默认所捆绑的一个ActiveX控件。

AcerCtrls.APlunch ActiveX控件(acerctrl.ocx)中包含有一个名为Run()的调用方式,该方式会取Drive和FileName两个参数。尽管这个控件本身没有通过IObjectSafety接口标记为safe for scripting,但通过适当的Implemented Categories注册表键发布可能导致将其标记为safe for scripting。这意味着在Internet Explorer中打开恶意网页可能导致调用控件的Run()方式。

Acer AcerCtrls.APlunch ActiveX
临时解决方法:

  • 在Internet Explorer中禁用AcerCtrls.APlunch ActiveX控件,为以下CLSID设置kill bit:

{3895DD35-7573-11D2-8FED-00606730D3AA}

或将以下文本保存为.REG文件并导入:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility{3895DD35-7573-11D2-8FED-00606730D3AA}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility{3895DD35-7573-11D2-8FED-00606730D3AA}]
"Compatibility Flags"=dword:00000400

厂商补丁:

Acer

目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

http://www.acer.com

Related

cert 1
nessus 1
prion 1
cve 1
cvelist 1
nvd 1
cert
cert
Acer AcerCtrls.APlunch ActiveX Control fails to properly restrict access to methods
2009-08-18 00:00:00
nessus
nessus
Acer AcerCtrls.APlunch ActiveX Arbitrary Command Execution
2009-08-21 00:00:00
prion
prion
Security feature bypass
2009-08-19 17:30:00
cve
cve
CVE-2009-2627
2009-08-19 17:30:01
cvelist
cvelist
CVE-2009-2627
2009-08-19 17:00:00
nvd
nvd
CVE-2009-2627
2009-08-19 17:30:01

0.026 Low

EPSS

Percentile

90.4%

JSON
Related for SSV:12085
cert1nessus1prion1cve1cvelist1nvd1