7.7 High
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.134 Low
EPSS
Percentile
95.5%
Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data.
CPE | Name | Operator | Version |
---|---|---|---|
lenovo:automated_solutions | lenovo automated solutions | eq | 1.0 |
lenovo:access_support | lenovo access support | eq | * |
secunia.com/advisories/26482
www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649
www.kb.cert.org/vuls/id/599657
www.securityfocus.com/bid/25311
www.vupen.com/english/advisories/2007/2882
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045
exchange.xforce.ibmcloud.com/vulnerabilities/36033