Vulnerability Name:

CVE-2006-6121 (CCN-30417)

Assigned: 2006-11-19
Published: 2006-11-19
Updated: 2018-10-17
Summary: Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers to execute arbitrary commands by calling the Run method.
CVSS v3 Severity: 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References: Source: MISC
Type: UNKNOWN
ftp://ftp.support.acer-euro.com/utilities/LaunchAppFix/AcerLAppFix.zip

Source: MITRE
Type: CNA
CVE-2006-6121

Source: CONFIRM
Type: UNKNOWN
http://global.acer.com/support/patch20070101.htm

Source: CCN
Type: SA23003
Acer LunchApp.APlunch ActiveX Control "Run" Insecure Method

Source: SECUNIA
Type: Vendor Advisory
23003

Source: CCN
Type: vuln.sg
About Acer Notebook LunchApp.APlunch ActiveX Control....

Source: MISC
Type: Exploit, Vendor Advisory
http://vuln.sg/acerlunchapp-en.html

Source: MISC
Type: UNKNOWN
http://www.f-secure.com/weblog/archives/archive-012007.html#00001073

Source: CCN
Type: US-CERT VU#221700
Acer LunchApp ActiveX Control fails to properly restrict access to methods

Source: CERT-VN
Type: US Government Resource
VU#221700

Source: CCN
Type: OSVDB ID: 30513
Acer LunchApp.APlunch ActiveX Run() Method Arbitrary File Execution

Source: CCN
Type: OSVDB ID: 57201
Acer AcerCtrls.APlunch ActiveX (acerctrl.ocx) Run Method Arbitrary Local File Execution

Source: HP
Type: UNKNOWN
HPSBST02214

Source: BID
Type: UNKNOWN
21207

Source: CCN
Type: BID-21207
Acer LunchApp.APlunch ActiveX Control Remote Code Execution Vulnerability

Source: CERT
Type: US Government Resource
TA07-128A

Source: VUPEN
Type: UNKNOWN
ADV-2006-4602

Source: MS
Type: UNKNOWN
MS07-027

Source: XF
Type: UNKNOWN
acer-lunchappaplunch-command-execution(30417)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:acer:lunchapp.aplunch:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    acer lunchapp.aplunch *