Lucene search

PRIOn knowledge basePRION:CVE-2007-2240

HistoryAug 15, 2007 - 7:17 p.m.

Code injection

2007-08-1519:17:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.011 Low

EPSS

Percentile

84.4%

JSON

The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download.

CPENameOperatorVersion
automated_solutionseq1.0

CPE	Name	Operator	Version
	automated_solutions	eq	1.0

References

osvdb.org/39555

secunia.com/advisories/26482

www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649

www.kb.cert.org/vuls/id/570705

www.securityfocus.com/bid/25311

www.vupen.com/english/advisories/2007/2882

docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045

exchange.xforce.ibmcloud.com/vulnerabilities/36028

6.7 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.011 Low

EPSS

Percentile

84.4%

JSON

Related for PRION:CVE-2007-2240