Lucene search

[email protected]CVE-2007-2929

HistoryAug 15, 2007 - 7:17 p.m.

CVE-2007-2929

2007-08-1519:17:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

ibm

lenovo

access support

acprunner

activex

control

unsafe methods

arbitrary web domains

remote attackers

code execution

cve-2007-2929

7.3 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.01 Low

EPSS

Percentile

83.5%

JSON

The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code.

CPENameOperatorVersion
lenovo:automated_solutionslenovo automated solutionseq1.0
lenovo:access_supportlenovo access supporteq*

CPE	Name	Operator	Version
lenovo:automated_solutions	lenovo automated solutions	eq	1.0
lenovo:access_support	lenovo access support	eq	*

References

secunia.com/advisories/26482

www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649

www.kb.cert.org/vuls/id/426737

www.securityfocus.com/bid/25311

www.vupen.com/english/advisories/2007/2882

docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045

exchange.xforce.ibmcloud.com/vulnerabilities/36035

7.3 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.01 Low

EPSS

Percentile

83.5%

JSON

Related for CVE-2007-2929

prion1 cert1 seebug1 checkpoint_advisories1 nessus1