CVE-2007-2929 - The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before

CVE-2007-2929

Summary

The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code.

References

Vulnerable Configurations

cpe:2.3:h:lenovo:access_support:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:access_support:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:automated_solutions:1.0:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:automated_solutions:1.0:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 12-10-2018 - 21:43)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:P

refmap via4

bid	25311
cert-vn	VU#426737
confirm	http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649
secunia	26482
vupen	ADV-2007-2882
xf	ibm-lenovo-acprunner-domain-code-execution(36035)

Last major update

12-10-2018 - 21:43

Published

15-08-2007 - 19:17

Last modified

12-10-2018 - 21:43