CVE-2007-2240

Description

The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/36028

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045

http://www.vupen.com/english/advisories/2007/2882

http://www.securityfocus.com/bid/25311

http://www.kb.cert.org/vuls/id/570705

http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649

http://secunia.com/advisories/26482

http://osvdb.org/39555

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3