Lucene search

[email protected]CVE-2007-2928

HistoryAug 15, 2007 - 7:17 p.m.

CVE-2007-2928

2007-08-1519:17:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

ibm

lenovo

access support

acprunner

activex

control

format string vulnerability

cve-2007-2928

nvd

security

vulnerability

code execution

7.7 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.134 Low

EPSS

Percentile

95.5%

JSON

Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data.

CPENameOperatorVersion
lenovo:automated_solutionslenovo automated solutionseq1.0
lenovo:access_supportlenovo access supporteq*

CPE	Name	Operator	Version
lenovo:automated_solutions	lenovo automated solutions	eq	1.0
lenovo:access_support	lenovo access support	eq	*

References

secunia.com/advisories/26482

www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649

www.kb.cert.org/vuls/id/599657

www.securityfocus.com/bid/25311

www.vupen.com/english/advisories/2007/2882

docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045

exchange.xforce.ibmcloud.com/vulnerabilities/36033

7.7 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.134 Low

EPSS

Percentile

95.5%

JSON

Related for CVE-2007-2928

prion1 cert1 seebug1 checkpoint_advisories1 nessus1