Energizer's Duo USB battery charger has been around for a couple of years now, but the company has only just fessed up to a fairly significant vulnerability in the software for the device after being informed of the problem by CERT. While the software was intended simply to let you keep watch on the battery charging status, it apparently also opened up a backdoor that allowed commands to be executed remotely, including the ability to list directories, send and receive files, and run programs. The vulnerability is found only in the Windows version of the software, and Energizer has already discontinued the product altogether and removed the download from its website. Anyone who already has the software installed is advised to first uninstall it and then remove the Arucer.dll file from the Windows system32 directory.

[Thanks, Michael]
Energizer confirms software vulnerability in Duo charging software originally appeared on Engadget on Mon, 08 Mar 2010 16:19:00 EST.

