Vulnerability Description
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Access Support | All versions |
| Lenovo | Automated Solutions | 1.0 |
References
- http://secunia.com/advisories/26482
- http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=
- http://www.kb.cert.org/vuls/id/426737US Government Resource
- http://www.securityfocus.com/bid/25311
- http://www.vupen.com/english/advisories/2007/2882
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-04
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36035
- http://secunia.com/advisories/26482
- http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=
- http://www.kb.cert.org/vuls/id/426737US Government Resource
- http://www.securityfocus.com/bid/25311
- http://www.vupen.com/english/advisories/2007/2882
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-04
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36035
FAQ
What is CVE-2007-2929?
CVE-2007-2929 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes u...
How severe is CVE-2007-2929?
CVE-2007-2929 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2929?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Access Support, Lenovo Automated Solutions.