Remote Code Execution Vulnerability in Lenovo Access Support
CVE-2007-2929

Currently unrated

Key Information:

Vendor: Lenovo
Status: Automated Solutions; Access Support
Vendor: CVE Published:; 15 August 2007

Summary

The Lenovo Access Support acpRunner ActiveX control is vulnerable to remote code execution due to unsafe methods exposed to arbitrary web domains. This exposure allows remote attackers to leverage these methods to download and execute malicious code on a client's system, potentially compromising the integrity and security of users' devices. Users of this software, particularly those with versions of acpcontroller.dll prior to 1.2.8.0 and acpir.dll prior to 1.0.0.9, should ensure they are using the latest updates to mitigate this risk.

References

http://www.vupen.com/english/advisories/2007/2882

vdb-entryx_refsource_VUPEN

http://www-307.ibm.com/pc/support/site.wss/document.do?si...

x_refsource_CONFIRM

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

Timeline

Vulnerability published
Aug 15, 2007
Vulnerability Reserved
May 30, 2007