Vulnerability Description
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Access Support | All versions |
| Lenovo | Automated Solutions | 1.0 |
References
- http://osvdb.org/39555
- http://secunia.com/advisories/26482
- http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=
- http://www.kb.cert.org/vuls/id/570705US Government Resource
- http://www.securityfocus.com/bid/25311
- http://www.vupen.com/english/advisories/2007/2882
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-04
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36028
- http://osvdb.org/39555
- http://secunia.com/advisories/26482
- http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=
- http://www.kb.cert.org/vuls/id/570705US Government Resource
- http://www.securityfocus.com/bid/25311
- http://www.vupen.com/english/advisories/2007/2882
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-04
FAQ
What is CVE-2007-2240?
CVE-2007-2240 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not ...
How severe is CVE-2007-2240?
CVE-2007-2240 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2240?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Access Support, Lenovo Automated Solutions.