CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
87.6%
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code.
Vendor | Product | Version | CPE |
---|---|---|---|
lenovo | access_support | * | cpe:2.3:h:lenovo:access_support:*:*:*:*:*:*:*:* |
lenovo | automated_solutions | 1.0 | cpe:2.3:h:lenovo:automated_solutions:1.0:*:*:*:*:*:*:* |
secunia.com/advisories/26482
www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649
www.kb.cert.org/vuls/id/426737
www.securityfocus.com/bid/25311
www.vupen.com/english/advisories/2007/2882
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045
exchange.xforce.ibmcloud.com/vulnerabilities/36035