ID CVE-2007-2240
Summary The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download.
References
Vulnerable Configurations
  • cpe:2.3:h:lenovo:access_support:*:*:*:*:*:*:*:*
    cpe:2.3:h:lenovo:access_support:*:*:*:*:*:*:*:*
  • cpe:2.3:h:lenovo:automated_solutions:1.0:*:*:*:*:*:*:*
    cpe:2.3:h:lenovo:automated_solutions:1.0:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 12-10-2018 - 21:43)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:P
refmap via4
bid 25311
cert-vn VU#570705
confirm http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649
osvdb 39555
secunia 26482
vupen ADV-2007-2882
xf ibm-lenovo-acprunner-code-execution(36028)
Last major update 12-10-2018 - 21:43
Published 15-08-2007 - 19:17
Last modified 12-10-2018 - 21:43
Back to Top