Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data.
secunia.com/advisories/26482
www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649
www.kb.cert.org/vuls/id/599657
www.securityfocus.com/bid/25311
www.vupen.com/english/advisories/2007/2882
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045
exchange.xforce.ibmcloud.com/vulnerabilities/36033