Lucene search

CertccCVE-2007-2240

HistoryAug 15, 2007 - 7:17 p.m.

CVE-2007-2240

2007-08-1519:17:00

certcc

web.nvd.nist.gov

ibm

lenovo

access support

acprunner

activex

validation issue

digital signatures

software

remote attackers

spoofing

nvd

cve-2007-2240

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.02

Percentile

89.0%

JSON

The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download.

Affected configurations

Nvd

Node

lenovoaccess_support

lenovoautomated_solutionsMatch1.0

VendorProductVersionCPE
lenovoaccess_support*cpe:2.3:h:lenovo:access_support:*:*:*:*:*:*:*:*
lenovoautomated_solutions1.0cpe:2.3:h:lenovo:automated_solutions:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lenovo	access_support	*	cpe:2.3:h:lenovo:access_support::::::::
lenovo	automated_solutions	1.0	cpe:2.3:h:lenovo:automated_solutions:1.0:::::::*

References

osvdb.org/39555

secunia.com/advisories/26482

www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649

www.kb.cert.org/vuls/id/570705

www.securityfocus.com/bid/25311

www.vupen.com/english/advisories/2007/2882

docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045

exchange.xforce.ibmcloud.com/vulnerabilities/36028

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.02

Percentile

89.0%

JSON

Related for CVE-2007-2240