CVE-2007-2928

Sažetak

Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data.

Reference

http://secunia.com/advisories/26482
http://www.kb.cert.org/vuls/id/599657
http://www.securityfocus.com/bid/25311
http://www.vupen.com/english/advisories/2007/2882
http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045
https://exchange.xforce.ibmcloud.com/vulnerabilities/36033

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:P

Zadnje važnije ažuriranje

12-10-2018 - 21:43

Objavljeno

15-08-2007 - 19:17