CVE-2007-2928 - Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distribut

CVE-2007-2928

Summary

Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data.

References

Vulnerable Configurations

cpe:2.3:h:lenovo:access_support:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:access_support:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:automated_solutions:1.0:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:automated_solutions:1.0:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 12-10-2018 - 21:43)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:P

refmap via4

bid	25311
cert-vn	VU#599657
confirm	http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649
secunia	26482
vupen	ADV-2007-2882
xf	ibm-lenovo-acpcontroller-code-execution(36033)

Last major update

12-10-2018 - 21:43

Published

15-08-2007 - 19:17

Last modified

12-10-2018 - 21:43