CVE-2025-42598

Published: Apr 28, 2025Modified: Apr 29, 2025

8.4

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: vultures@jpcert.or.jp (Secondary)

Description

Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English. If a user is directed to place a crafted DLL file in a location of an attacker's choosing, the attacker may execute arbitrary code with SYSTEM privilege on a Windows system on which the printer driver is installed.

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

https://jvn.jp/en/vu/JVNVU90649144/

Source: vultures@jpcert.or.jp

https://www.epson.co.uk/en_GB/faq/KA-01993/contents?loc=en-us

Source: vultures@jpcert.or.jp

https://www.epson.jp/support/misc_t/250428_oshirase.htm

Source: vultures@jpcert.or.jp

https://www2.epson.jp/support/misc_t/windrv_productlist.pdf

Source: vultures@jpcert.or.jp

Timeline

No history available yet.