Unrated severityNVD Advisory· Published Aug 15, 2007· Updated Apr 23, 2026

CVE-2007-2928

Description

Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data.

Affected products

Lenovo/Access Support
cpe:2.3:h:lenovo:access_support:*:*:*:*:*:*:*:*
Lenovo/Automated Solutions
cpe:2.3:h:lenovo:automated_solutions:1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/599657nvdUS Government Resource
secunia.com/advisories/26482nvd
www-307.ibm.com/pc/support/site.wss/document.donvd
www.securityfocus.com/bid/25311nvd
www.vupen.com/english/advisories/2007/2882nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045nvd
exchange.xforce.ibmcloud.com/vulnerabilities/36033nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000