CVE-2007-2240 - The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before

CVE-2007-2240

Summary

The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download.

References

Vulnerable Configurations

cpe:2.3:h:lenovo:access_support:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:access_support:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:automated_solutions:1.0:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:automated_solutions:1.0:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 12-10-2018 - 21:43)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:P

refmap via4

bid	25311
cert-vn	VU#570705
confirm	http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649
osvdb	39555
secunia	26482
vupen	ADV-2007-2882
xf	ibm-lenovo-acprunner-code-execution(36028)

Last major update

12-10-2018 - 21:43

Published

15-08-2007 - 19:17

Last modified

12-10-2018 - 21:43