Unrated severityNVD Advisory· Published Aug 15, 2007· Updated Apr 23, 2026

CVE-2007-2240

Description

The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download.

Affected products

Lenovo/Access Support
cpe:2.3:h:lenovo:access_support:*:*:*:*:*:*:*:*
Lenovo/Automated Solutions
cpe:2.3:h:lenovo:automated_solutions:1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/570705nvdUS Government Resource
osvdb.org/39555nvd
secunia.com/advisories/26482nvd
www-307.ibm.com/pc/support/site.wss/document.donvd
www.securityfocus.com/bid/25311nvd
www.vupen.com/english/advisories/2007/2882nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045nvd
exchange.xforce.ibmcloud.com/vulnerabilities/36028nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000