CVE-2007-2928
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
95.6%
Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| lenovo | access_support | * | cpe:2.3:h:lenovo:access_support:*:*:*:*:*:*:*:* |
| lenovo | automated_solutions | 1.0 | cpe:2.3:h:lenovo:automated_solutions:1.0:*:*:*:*:*:*:* |
References
secunia.com/advisories/26482
www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649
www.kb.cert.org/vuls/id/599657
www.securityfocus.com/bid/25311
www.vupen.com/english/advisories/2007/2882
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045
exchange.xforce.ibmcloud.com/vulnerabilities/36033
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
95.6%