Remote Code Execution Vulnerability in Lenovo Access Support
CVE-2007-2240

Currently unrated

Key Information:

Vendor: Lenovo
Status: Automated Solutions; Access Support
Vendor: CVE Published:; 15 August 2007

What is CVE-2007-2240?

The Lenovo Access Support acpRunner ActiveX control suffers from a security flaw that occurs due to inadequate validation of digital signatures for downloaded software. This vulnerability allows attackers to spoof valid downloads, potentially leading to unauthorized code execution on the user's system. Users of affected versions of acpcontroller.dll and acpir.dll are at risk, emphasizing the need for immediate updates and vigilance.

References

http://www.vupen.com/english/advisories/2007/2882

vdb-entryx_refsource_VUPEN

http://osvdb.org/39555

vdb-entryx_refsource_OSVDB

http://www-307.ibm.com/pc/support/site.wss/document.do?si...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2007
Vulnerability Reserved
Apr 25, 2007