Vulnerabilities > CVE-2007-2928 - Multiple vulnerability in Lenovo Access Support and Automated Solutions
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | 2 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS07-045.NASL |
description | The remote host is missing IE Cumulative Security Update 937143. The remote version of IE is potentially vulnerable to several flaws that may allow an attacker to execute arbitrary code on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25883 |
published | 2007-08-14 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/25883 |
title | MS07-045: Cumulative Security Update for Internet Explorer (937143) |
code |
|
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 25311 CVE(CAN) ID: CVE-2007-2928,CVE-2007-2929,CVE-2007-2240 Automated Solutions是联想和IBM电脑中所安装的ActiveX工具软件包。 Automated Solutions的ActiveX控件实现上存在格式串处理漏洞,远程攻击者可能利用此漏洞控制用户系统。 Automated Solutions软件包中所捆绑的acpRunner(AcpController.dll)ActiveX控件中存在格式串漏洞,没有正确地验证下载软件包的签名,也没有限制对某些域的危险操作。如果用户受骗打开了恶意的HTML文档的话,就可能允许用户执行任意指令。 0 Lenovo Automated Solutions 临时解决方法: 在IE中禁用acpRunner ActiveX控件,为以下CLSID设置kill bit: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} 或者将以下文本保存为.REG文件并导入: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E598AC61-4C6F-4F4D-877F-FAC49CA91FA3}] "Compatibility Flags"=dword:00000400 厂商补丁: Lenovo ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649&velxr-layout=printLenovo |
id | SSV:2147 |
last seen | 2017-11-19 |
modified | 2007-08-21 |
published | 2007-08-21 |
reporter | Root |
title | 联想Automated Solutions ActiveX控件多个安全漏洞 |
References
- http://secunia.com/advisories/26482
- http://www.kb.cert.org/vuls/id/599657
- http://www.securityfocus.com/bid/25311
- http://www.vupen.com/english/advisories/2007/2882
- http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36033