CVE-2020-5674

Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:epson:album_print:-:*:*:*:*:update_program:*:*
cpe:2.3:a:epson:color_calibration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:epson:colorbase:-:*:*:*:*:*:*:*
cpe:2.3:a:epson:colorio_easy_print:-:*:*:*:*:*:*:*
cpe:2.3:a:epson:connect:-:*:*:*:*:*:*:*
cpe:2.3:a:epson:creativity_suite:-:*:*:*:*:*:*:*
cpe:2.3:a:epson:e-photo:-:*:*:*:*:camera_raw:*:*
cpe:2.3:a:epson:e-photo:-:*:*:*:*:picture_motion_browser:*:*
cpe:2.3:a:epson:easy_photo_print:-:*:*:*:*:-:*:*
cpe:2.3:a:epson:easy_photo_print:-:*:*:*:*:camera_raw:*:*
cpe:2.3:a:epson:easy_settings:-:*:*:*:*:office:*:*
cpe:2.3:a:epson:imaging_workshop:-:*:*:*:*:*:*:*
cpe:2.3:a:epson:link2:-:*:*:*:*:*:*:*
cpe:2.3:a:epson:multi-print_quicker:-:*:*:*:*:windows:*:*
cpe:2.3:a:epson:net_config:-:*:*:*:*:*:*:*
cpe:2.3:a:epson:net_config_se:-:*:*:*:*:*:*:*
cpe:2.3:a:epson:net_print:-:*:*:*:*:*:*:*
cpe:2.3:a:epson:net_software_development_kit:-:*:*:*:*:*:*:*
cpe:2.3:a:epson:photolier:-:*:*:*:*:*:*:*
cpe:2.3:a:epson:photoquicker:-:*:*:*:*:*:*:*
cpe:2.3:a:epson:photostarter:3.1:*:*:*:*:*:*:*
cpe:2.3:a:epson:pm-t990_integrated_installer:-:*:*:*:*:windows:*:*
cpe:2.3:a:epson:print:-:*:*:*:*:playmemories_home:*:*
cpe:2.3:a:epson:print:-:*:*:*:*:silkypix:*:*
cpe:2.3:a:epson:print:-:*:*:*:*:viewnx:*:*
cpe:2.3:a:epson:print_image_framer_tool:-:*:*:*:*:*:*:*
cpe:2.3:a:epson:print_layout:-:*:*:*:*:photoshop:*:*
cpe:2.3:a:epson:prolab_print:-:*:*:*:*:*:*:*
cpe:2.3:a:epson:prolab_print:-:*:*:*:*:camera_raw:*:*
cpe:2.3:a:epson:remote_printer_driver:-:*:*:*:*:*:*:*
cpe:2.3:a:epson:scan_icm_updater:-:*:*:*:*:*:*:*
cpe:2.3:a:epson:scanner_driver:-:*:*:*:*:*:*:*
cpe:2.3:a:epson:web_to_page:-:*:*:*:*:*:*:*
cpe:2.3:a:epson:webconfig:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:epson:universal_print_driver:-:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x86:*

Configuration 3 (hide)

AND
OR cpe:2.3:a:epson:status_monitor_2:-:*:*:*:*:*:*:*
cpe:2.3:a:epson:status_monitor_3:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:epson:ec-01_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:epson:ec-01:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:a:epson:print_image_framer_tool:-:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_98:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_me:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-11-24 07:15

Updated : 2024-02-28 18:08


NVD link : CVE-2020-5674

Mitre link : CVE-2020-5674

CVE.ORG link : CVE-2020-5674


JSON object : View

Products Affected

epson

  • print_layout
  • net_config_se
  • ec-01
  • easy_photo_print
  • connect
  • status_monitor_3
  • multi-print_quicker
  • creativity_suite
  • ec-01_firmware
  • pm-t990_integrated_installer
  • color_calibration_utility
  • scan_icm_updater
  • print_image_framer_tool
  • prolab_print
  • remote_printer_driver
  • net_config
  • web_to_page
  • universal_print_driver
  • easy_settings
  • e-photo
  • imaging_workshop
  • scanner_driver
  • status_monitor_2
  • link2
  • net_software_development_kit
  • photoquicker
  • photostarter
  • print
  • colorio_easy_print
  • net_print
  • photolier
  • webconfig
  • album_print
  • colorbase

microsoft

  • windows
  • windows_me
  • windows_98
CWE
CWE-427

Uncontrolled Search Path Element