7.3 High
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.01 Low
EPSS
Percentile
83.5%
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code.
CPE | Name | Operator | Version |
---|---|---|---|
lenovo:automated_solutions | lenovo automated solutions | eq | 1.0 |
lenovo:access_support | lenovo access support | eq | * |
secunia.com/advisories/26482
www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649
www.kb.cert.org/vuls/id/426737
www.securityfocus.com/bid/25311
www.vupen.com/english/advisories/2007/2882
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045
exchange.xforce.ibmcloud.com/vulnerabilities/36035