Energizer DUO USB battery charger software allows unauthorized remote system access

March 8, 2010 – 8:42 AM

Energizer DUO is a USB battery charger. Included with the charger is a Windows application that allows the user to view the battery charging status. The installer for the Energizer DUO software places the file UsbCharger.dll in the application’s directory and Arucer.dll in the Windows system32 directory. When the Energizer UsbCharger software executes, it utilizes the UsbCharger.dll component for providing USB communication capabilities. UsbCharger.dll executes Arucer.dll via the Windows rundll32.exe mechanism, and it also configures Arucer.dll to execute automatically when Windows starts by creating an entry in the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key.

Source:
http://www.kb.cert.org/vuls/id/154421

  1. 2 Responses to “Energizer DUO USB battery charger software allows unauthorized remote system access”

  2. I’d be interested to see how many lawsuits will spawn from this.

    By NookSurfer on Mar 8, 2010

  3. Love it. This is already in Metasploit.

    By manunkind on Mar 10, 2010

You must be logged in to post a comment.

Copyright 2008-2021 PC Sympathy - Entries (RSS) - Sitemap