Untrusted Search Path Vulnerability in SEIKO EPSON Installers
CVE-2020-5674

7.8HIGH

Key Information:

Vendor

Seiko Epson Corporation

Status
The Installers Of Multiple Seiko Epson Products
Vendor
CVE Published:
24 November 2020

What is CVE-2020-5674?

The installers for various SEIKO EPSON products exhibit an untrusted search path vulnerability. This flaw allows an attacker to potentially exploit the system by placing a Trojan horse DLL in an unspecified directory. When the installer is executed, it may load the malicious DLL, leading to unauthorized privilege escalation. This vulnerability highlights the importance of implementing secure coding practices and proper directory validations to mitigate potential attacks.

Affected Version(s)

the installers of multiple SEIKO EPSON products A wide range of versions for the following products are affected -- Epson Web Installer, EPSON printer drivers, EPSON scanner drivers, EPSON Scan ICM Updaters, EPSON Printer Window!3, EPSON Printer Window!2 Firmware update programs, Network configuration utilities, Network print port monitors, Printer monitor SDK, Colorio series, Large-size printer related software, Laser printers, Copy station related software, Dot impact printer related software, Disk duplicator related software, CRYSTARIO related software, SureLab related software, Offirio Synergyware related software, Scanner related software, Digital cameras and Photo viewers related software, Projector related software, and PULSENSE and WristableGPS related software

References

https://www.epson.jp/support/misc_t/201119_oshirase.htm
x_refsource_MISC
https://www.epson.jp/support/pdf/fy20-001_softwareList_20...
x_refsource_MISC
https://jvn.jp/en/jp/JVN26835001/index.html
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.