Blogger points to Acer software suite with open ActiveX function.
A security blogger has raised concerns that Acer laptops are wide open to attack from an ActiveX flaw.
Tan Chew Keong has warned that Acer's laptops contain an ActiveX control that could allow a webpage to execute a malicious program.
"Recently, I noticed that my Acer TravelMate 4150 notebook contains the LunchApp.APlunch ActiveX control, which is marked as 'safe for scripting' and 'safe for initializing from persistent data'," he said.
Closer inspection revealed that the ActiveX control was part of the suite of applications included as standard in Acer notebooks.
Keong posted an exploit that takes advantage of the open system on his blog page. He said that the software dated back to November 1998, although he was not sure whether the problem exists outside his native Singapore.
Having checked a more up-to-date laptop, he confirmed that the problem was also present on newer models such as the Acer Aspire 5600.
However, Keong pointed out that later Acer models used Internet Explorer 7 with ActiveX turned off, which would keep them safe as long as it was not turned back on.
Acer was approached to discuss these issues but no-one at the company was available to comment.
- ActiveX flaw leaves Adobe apps vulnerable