Microsoft Internet Explorer (IE) Vulnerability Fix under Windows XP for Acer notebook and desktop systems

1. An ActiveX control made up by "lunchapp.ocx" file was pre-installed with Acer systems. Internet Explorer allows ActiveX control to directly access system internals remotely without user's acknowledgement. It allows potential attacks when visiting malicious web site using IE (versions earlier than IE 6.0 SP2).

2. Acer systems manufactured after January, 2007, no longer include the program in the system. For previously manufactured Acer computer systems, the security fix, called AcerLAppFix, can be found at the following:

• EMEA
• Pan America & Asia Pacific
• China (for Notebook)
  
• China (for Desktop)
• HongKong
• Taiwan
  

3. The issue is mitigated with Internet Explorer 6.0 SP2 (comes with Windows XP SP2) and above. The updated Internet Explorer prompts a dialog to prevent the ActiveX control being directly executed without user's agreement. However, it is still recommended to run LaunchAppFix for a more secured system.