CVE-2007-2928

{"id": "CVE-2007-2928", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-08-15T19:17:00.000", "references": [{"url": "http://secunia.com/advisories/26482", "source": "cret@cert.org"}, {"url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/599657", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/25311", "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2882", "source": "cret@cert.org"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045", "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36033", "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data."}, {"lang": "es", "value": "Vulnerabilidad de cadena de formato en el control ActiveX IBM Lenovo Access Support acpRunner, distribuido en acpcontroller.dll anterior a 1.2.8.0 y posiblemente acpir.dll anterior a 1.0.0.9 (Automated Solutions 1.0 anterior al fix pack 1), permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante especificadores de cadena de formato en datos desconocidos."}], "lastModified": "2018-10-12T21:43:43.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:access_support:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22E333F5-25FB-4F86-9DB2-E32C5F7041A8"}, {"criteria": "cpe:2.3:h:lenovo:automated_solutions:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53FE9F21-4C54-4F7A-9F15-45281A21EBB1"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}