CVSS: 5.8EPSS: 13%CPEs: 2EXPL: 0CVE-2007-2928
https://notcve.org/view.php?id=CVE-2007-2928
Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data. Vulnerabilidad de cadena de formato en el control ActiveX IBM Lenovo Access Support acpRunner, distribuido en acpcontroller.dll anterior a 1.2.8.0 y posiblemente acpir.dll anterior a 1.0.0.9 (Automated Solutions 1.0 anterior al fix pack 1), permite a atacantes remotos ejecutar código de su elección mediante especificadores de cadena de formato en datos desconocidos. • http://secunia.com/advisories/26482 http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649 http://www.kb.cert.org/vuls/id/599657 http://www.securityfocus.com/bid/25311 http://www.vupen.com/english/advisories/2007/2882 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045 https://exchange.xforce.ibmcloud.com/vulnerabilities/36033 •
CVSS: 5.8EPSS: 1%CPEs: 2EXPL: 0CVE-2007-2929
https://notcve.org/view.php?id=CVE-2007-2929
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code. El control ActiveX IBM Lenovo Access Support acpRunner, como el distribuido en acpcontroller.dll anterior a 1.2.8.0 y posiblemente acpir.dll anterior a 1.0.0.9 (Automated Solutions 1.0 anterior a fix pack 1), expone métodos no seguros a dominios web arbitrarios, lo cual permite a atacantes descargar código de su elección a un cliente del sistema y ejecutarlo. • http://secunia.com/advisories/26482 http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649 http://www.kb.cert.org/vuls/id/426737 http://www.securityfocus.com/bid/25311 http://www.vupen.com/english/advisories/2007/2882 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045 https://exchange.xforce.ibmcloud.com/vulnerabilities/36035 •
CVSS: 5.8EPSS: 1%CPEs: 2EXPL: 0CVE-2007-2240
https://notcve.org/view.php?id=CVE-2007-2240
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download. El control ActiveX IBM Lenovo Access Support acpRunner, como el distribuido en acpcontroller.dll anterior a 1.2.8.0 y posiblemente acpir.dll anterior a 1.0.0.9 (Automated Solutions 1.0 anterior a fix pack 1), no valida adecuadamente las firmas digitales del software descargado, lo cual hace más fácil para atacantes remotos falsificar una descarga. • http://osvdb.org/39555 http://secunia.com/advisories/26482 http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649 http://www.kb.cert.org/vuls/id/570705 http://www.securityfocus.com/bid/25311 http://www.vupen.com/english/advisories/2007/2882 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045 https://exchange.xforce.ibmcloud.com/vulnerabilities/36028 •