CVE-2007-2240 - OpenCVE

The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	Automated Solutions Access Support

Configuration 1 [-]

OR	cpe:2.3:h:lenovo:access_support::::::::
	cpe:2.3:h:lenovo:automated_solutions:1.0:::::::*

References

Link	Resource
http://osvdb.org/39555
http://secunia.com/advisories/26482
http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649
http://www.kb.cert.org/vuls/id/570705	US Government Resource
http://www.securityfocus.com/bid/25311
http://www.vupen.com/english/advisories/2007/2882
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045
https://exchange.xforce.ibmcloud.com/vulnerabilities/36028

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2007-08-15T19:00:00

Updated: 2018-10-12T19:57:01

Reserved: 2007-04-25T00:00:00

Link: CVE-2007-2240

JSON object: View

NVD Information

Status : Modified

Published: 2007-08-15T19:17:00.000

Modified: 2018-10-12T21:43:41.223

Link: CVE-2007-2240

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-14T00:00:00", "descriptions": [{"lang": "en", "value": "The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "ADV-2007-2882", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2882"}, {"name": "39555", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/39555"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649"}, {"name": "MS07-045", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045"}, {"name": "26482", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26482"}, {"name": "ibm-lenovo-acprunner-code-execution(36028)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36028"}, {"name": "25311", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25311"}, {"name": "VU#570705", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/570705"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2007-2240", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2007-2882", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2882"}, {"name": "39555", "refsource": "OSVDB", "url": "http://osvdb.org/39555"}, {"name": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649", "refsource": "CONFIRM", "url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649"}, {"name": "MS07-045", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045"}, {"name": "26482", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26482"}, {"name": "ibm-lenovo-acprunner-code-execution(36028)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36028"}, {"name": "25311", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25311"}, {"name": "VU#570705", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/570705"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2007-2240", "datePublished": "2007-08-15T19:00:00", "dateReserved": "2007-04-25T00:00:00", "dateUpdated": "2018-10-12T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:access_support:*:*:*:*:*:*:*:*", "matchCriteriaId": "22E333F5-25FB-4F86-9DB2-E32C5F7041A8", "vulnerable": true}, {"criteria": "cpe:2.3:h:lenovo:automated_solutions:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "53FE9F21-4C54-4F7A-9F15-45281A21EBB1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download."}, {"lang": "es", "value": "El control ActiveX IBM Lenovo Access Support acpRunner, como el distribuido en acpcontroller.dll anterior a 1.2.8.0 y posiblemente acpir.dll anterior a 1.0.0.9 (Automated Solutions 1.0 anterior a fix pack 1), no valida adecuadamente las firmas digitales del software descargado, lo cual hace m\u00e1s f\u00e1cil para atacantes remotos falsificar una descarga."}], "id": "CVE-2007-2240", "lastModified": "2018-10-12T21:43:41.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-08-15T19:17:00.000", "references": [{"source": "cret@cert.org", "url": "http://osvdb.org/39555"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/26482"}, {"source": "cret@cert.org", "url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649"}, {"source": "cret@cert.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/570705"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/25311"}, {"source": "cret@cert.org", "url": "http://www.vupen.com/english/advisories/2007/2882"}, {"source": "cret@cert.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045"}, {"source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36028"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}