CVE-2009-2627

Published: Aug 19, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Insecure method vulnerability in the Acer LunchApp (aka AcerCtrls.APlunch) ActiveX control in acerctrl.ocx allows remote attackers to execute arbitrary commands via the Run method, a different vulnerability than CVE-2006-6121.

Affected (1)

Products: Acer: Lunchapp.aplunch

Acer

1 product

Lunchapp.aplunch

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Acer Lunchapp.aplunch	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (14)

http://osvdb.org/57201

Source: cret@cert.org

http://secunia.com/advisories/36343

Source: cret@cert.org

Vendor Advisory

http://www.kb.cert.org/vuls/id/485961

Source: cret@cert.org

US Government Resource

http://www.securityfocus.com/bid/36068

Source: cret@cert.org

http://www.securitytracker.com/id?1022752

Source: cret@cert.org

http://www.vupen.com/english/advisories/2009/2299

Source: cret@cert.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/52592

Source: cret@cert.org

http://osvdb.org/57201