CVE-2010-3920

The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the "C:\Program Files" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:h:epson:lp-s7100:*:*:*:*:*:*:*:*
OR cpe:2.3:a:epson:lp-s7100_driver_4.1.0:*:*:*:*:*:*:*:*
cpe:2.3:a:epson:lp-s7100_driver_4.1.7:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:h:epson:lp-s9000:*:*:*:*:*:*:*:*
OR cpe:2.3:a:epson:lp-s9000_driver_4.1.0:*:*:*:*:*:*:*:*
cpe:2.3:a:epson:lp-s9000_driver_4.1.11:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:19

Type Values Removed Values Added
References () http://jvn.jp/en/jp/JVN62736872/index.html - () http://jvn.jp/en/jp/JVN62736872/index.html -
References () http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000059.html - () http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000059.html -
References () http://osvdb.org/69678 - () http://osvdb.org/69678 -
References () http://secunia.com/advisories/42540 - Vendor Advisory () http://secunia.com/advisories/42540 - Vendor Advisory
References () http://www.epson.jp/support/misc/lps7100_9000/index.htm - Vendor Advisory () http://www.epson.jp/support/misc/lps7100_9000/index.htm - Vendor Advisory

Information

Published : 2010-12-08 20:00

Updated : 2024-11-21 01:19


NVD link : CVE-2010-3920

Mitre link : CVE-2010-3920

CVE.ORG link : CVE-2010-3920


JSON object : View

Products Affected

epson

  • lp-s7100
  • lp-s9000_driver_4.1.11
  • lp-s9000
  • lp-s7100_driver_4.1.7
  • lp-s7100_driver_4.1.0
  • lp-s9000_driver_4.1.0
CWE
CWE-264

Permissions, Privileges, and Access Controls