CVE-2020-5674

Description

Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Affected (38)

Products: Epson: Album Print, Color Calibration Utility, Colorbase, Colorio Easy Print, Connect, Creativity Suite, E Photo, Easy Photo Print, Easy Settings, Imaging Workshop, Link2, Multi Print Quicker, Net Config, Net Config Se, Net Print, Net Software Development Kit, Photolier, Photoquicker, Photostarter, Pm T990 Integrated Installer, Print, Print Layout, Prolab Print, Remote Printer Driver, Scan Icm Updater, Scanner Driver, Web To Page, Webconfig, Universal Print Driver, Status Monitor 2, Status Monitor 3, Ec 01 Firmware, Print Image Framer Tool

Epson

33 products

Album Print

Color Calibration Utility

Net Software Development Kit

Photolier

Photoquicker

Photostarter

Pm T990 Integrated Installer

Print

Print Layout

Prolab Print

Remote Printer Driver

Universal Print Driver

Status Monitor 2

Status Monitor 3

Ec 01 Firmware

Print Image Framer Tool

Configuration A

33 vulnerable

Vulnerable Software	Affected Versions
Epson Album Print	All versions
Epson Color Calibration Utility	All versions
Epson Colorbase	All versions
Epson Colorio Easy Print	All versions
Epson Connect	All versions
Epson Creativity Suite	All versions
Epson E Photo	All versions
Epson E Photo	All versions
Epson Easy Photo Print	All versions
Epson Easy Photo Print	All versions
Epson Easy Settings	All versions
Epson Imaging Workshop	All versions
Epson Link2	All versions
Epson Multi Print Quicker	All versions
Epson Net Config	All versions
Epson Net Config Se	All versions
Epson Net Print	All versions
Epson Net Software Development Kit	All versions
Epson Photolier	All versions
Epson Photoquicker	All versions
Epson Photostarter	Version 3.1
Epson Pm T990 Integrated Installer	All versions
Epson Print	All versions
Epson Print	All versions
Epson Print	All versions
Epson Print Layout	All versions
Epson Prolab Print	All versions
Epson Prolab Print	All versions
Epson Remote Printer Driver	All versions
Epson Scan Icm Updater	All versions
Epson Scanner Driver	All versions
Epson Web To Page	All versions
Epson Webconfig	All versions

Configuration B

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Epson Universal Print Driver	All versions

Running on/with	Platform Versions
Microsoft Windows	All versions
Microsoft Windows	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Epson Status Monitor 2	All versions
Epson Status Monitor 3	All versions

Running on/with	Platform Versions
Microsoft Windows	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Epson Ec 01 Firmware	All versions

Running on/with	Platform Versions
Epson Ec 01	All versions

Configuration E

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Epson Print Image Framer Tool	All versions

Running on/with	Platform Versions
Microsoft Windows 98	All versions
Microsoft Windows Me	All versions

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (6)

https://jvn.jp/en/jp/JVN26835001/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.epson.jp/support/misc_t/201119_oshirase.htm

Source: vultures@jpcert.or.jp

Vendor Advisory

https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/jp/JVN26835001/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.epson.jp/support/misc_t/201119_oshirase.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Description

Affected (38)

Related CWEs

References (6)

Timeline