PT-2007-3576 · Ibm Lenovo · Acprunner Activex Control+3

Published

2007-08-15

Updated

2018-10-12

CVE-2007-2240

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions IBM Lenovo Access Support acpRunner ActiveX control versions prior to 1.2.8.0 acpcontroller.dll versions prior to 1.2.8.0 acpir.dll versions prior to 1.0.0.9 Automated Solutions versions prior to 1.0 fix pack 1

Description The issue concerns the improper validation of digital signatures of downloaded software. This makes it easier for remote attackers to spoof a download.

Recommendations For versions prior to 1.2.8.0, update the acpRunner ActiveX control to version 1.2.8.0 or later. For versions prior to 1.0.0.9, update the acpir.dll to version 1.0.0.9 or later. For Automated Solutions versions prior to 1.0 fix pack 1, apply fix pack 1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2240

Affected Products

Automated Solutions

Acprunner Activex Control

Acpcontroller.Dll

Acpir.Dll

PT-2007-3576 · Ibm Lenovo · Acprunner Activex Control+3

CVE-2007-2240

Related Identifiers

Affected Products

References · 9