CVE-2007-2240

{"id": "CVE-2007-2240", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-08-15T19:17:00.000", "references": [{"url": "http://osvdb.org/39555", "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/26482", "source": "cret@cert.org"}, {"url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/570705", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/25311", "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2882", "source": "cret@cert.org"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045", "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36028", "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download."}, {"lang": "es", "value": "El control ActiveX IBM Lenovo Access Support acpRunner, como el distribuido en acpcontroller.dll anterior a 1.2.8.0 y posiblemente acpir.dll anterior a 1.0.0.9 (Automated Solutions 1.0 anterior a fix pack 1), no valida adecuadamente las firmas digitales del software descargado, lo cual hace m\u00e1s f\u00e1cil para atacantes remotos falsificar una descarga."}], "lastModified": "2018-10-12T21:43:41.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:access_support:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22E333F5-25FB-4F86-9DB2-E32C5F7041A8"}, {"criteria": "cpe:2.3:h:lenovo:automated_solutions:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53FE9F21-4C54-4F7A-9F15-45281A21EBB1"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}