Japan Vulnerability NotesJVN:62736872JVN#62736872: Vulnerability in Epson printer driver installer where access permissions are changed
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.1%
When printer drivers provided by Epson are installed, the access permissions for the folder that contains program files (C:\Program Files) are changed. As a result, users that do not have permission to access that folder can gain access to that folder.
Impact
A user that does not have permission to access the folder may create, modify or delete arbitrary files or folders.
Solution
Update the software and change the settings
Apply the update and change the settings, according to the information provided by the developer.
Products Affected
- Driver for LP-S9000 prior to Ver4.1.11 (32-bit and 64-bit)
- Driver for LP-S7100 prior to Ver4.1.7 (32-bit and 64-bit)
According to the developer, printer drivers that were included with the product or downloaded from the developer website from the initial release of May 2010 through November 25, 2010 are affected by this vulnerability.
Also, users of Windows Vista and later operating systems are not affected.
Related
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.1%