Lenovo Inline Automated Solutions ActiveX Controls Multiple Vulnerabilities
BID:25311
Info
Lenovo Inline Automated Solutions ActiveX Controls Multiple Vulnerabilities
| Bugtraq ID: | 25311 |
| Class: | Unknown |
| CVE: |
CVE-2007-2928 CVE-2007-2929 CVE-2007-2240 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 14 2007 12:00AM |
| Updated: | Jul 06 2016 02:39PM |
| Credit: | Karl Lynn of Juniper Networks is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
Lenovo Inline Automated Solutions 0 |
| Not Vulnerable: |
Lenovo Inline Automated Solutions fix pack 1 |
Discussion
Lenovo Inline Automated Solutions ActiveX Controls Multiple Vulnerabilities
Lenovo Inline Automated Solutions ActiveX controls are prone to multiple vulnerabilities.
An attacker may exploit these issues by enticing victims into opening a maliciously crafted HTML document.
Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts may result in denial-of-service conditions.
These issues affects versions prior to 'acpcontroller.dll' ActiveX control 1.2.8.0 and 'acpir.dll' ActiveX control 1.0.0.9.
Lenovo Inline Automated Solutions ActiveX controls are prone to multiple vulnerabilities.
An attacker may exploit these issues by enticing victims into opening a maliciously crafted HTML document.
Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts may result in denial-of-service conditions.
These issues affects versions prior to 'acpcontroller.dll' ActiveX control 1.2.8.0 and 'acpir.dll' ActiveX control 1.0.0.9.
Exploit / POC
Lenovo Inline Automated Solutions ActiveX Controls Multiple Vulnerabilities
Currently we are not aware of any working exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Lenovo Inline Automated Solutions ActiveX Controls Multiple Vulnerabilities
Solution:
The vendor released updates to address these issues. Please see the references for more information.
Solution:
The vendor released updates to address these issues. Please see the references for more information.
References
Lenovo Inline Automated Solutions ActiveX Controls Multiple Vulnerabilities
References:
References:
- Lenovo Homepage (IBM)
- Microsoft Support Document 240797 (Microsoft)
- Vulnerability Note VU#426737 (US-CERT)
- Vulnerability Note VU#570705 (US-CERT)
- Vulnerability Note VU#599657 (US-CERT)
- Microsoft Security Bulletin MS07-045 (Microsoft)
- Security update for Lenovo Inline Automated Solutions (IBM)