ID

VAR-201012-0350


CVE

CVE-2010-3920


TITLE

Vulnerability in Epson printer driver installer where access permissions are changed

Trust: 0.8

sources: JVNDB: JVNDB-2010-000059

DESCRIPTION

The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and November 25, 2010, set weak permissions for the "C:\Program Files" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories. As a result, users who do not have permission to access that folder can gain access to it. According to the developer, printer drivers that were included with the product or downloaded from the developer website from the initial release of May 2010 through November 25, 2010 are affected by this vulnerability. Users of Windows Vista and later operating systems are not affected.

The Epson LP-S7100 / LP-S9000 is a family of high performance printers. The driver installation for the Epson LP-S7100 / LP-S9000 has a flaw that allows local users to elevate privileges. Because the default permissions for "C:\Program Files" and its subdirectories are not set correctly (the "Everyone" group is granted Full Control), local users can exploit the vulnerability to overwrite any file in these folders, resulting in elevation of privilege. Local attackers can exploit this issue to gain elevated privileges on affected devices. The following driver versions are vulnerable: LP-S7100 4.1.0fi through 4.1.7fi and 4.1.0hi through 4.1.7hi; LP-S9000 4.1.0fc through 4.1.11fc and 4.1.0hc through 4.1.11hc.

----------------------------------------------------------------------

TITLE: Epson LP-S7100 / LP-S9000 Drivers Insecure Default Permissions
SECUNIA ADVISORY ID: SA42540
VERIFY ADVISORY: http://secunia.com/advisories/42540/
RELEASE DATE: 2010-12-08

DESCRIPTION: A security issue has been reported in Epson LP-S7100 / LP-S9000 drivers, which can be exploited by malicious, local users to gain escalated privileges.

The security issue is reported in the following versions:
* LP-S7100 32bit edition versions 4.1.0fi through 4.1.7fi
* LP-S7100 64bit edition versions 4.1.0hi through 4.1.7hi
* LP-S9000 32bit edition versions 4.1.0fc through 4.1.11fc
* LP-S9000 64bit edition versions 4.1.0hc through 4.1.11hc

SOLUTION: Update to a patched version and reset permissions. Please see the vendor's advisory for more details.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.epson.jp/support/misc/lps7100_9000/index.htm

Trust: 2.52

sources: NVD: CVE-2010-3920 // JVNDB: JVNDB-2010-000059 // CNVD: CNVD-2010-3107 // BID: 45258 // PACKETSTORM: 96501

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-3107

AFFECTED PRODUCTS

vendor: epson, model: lp-s9000 driver 4.1.11, scope: eq, version: *

Trust: 1.0

vendor: epson, model: lp-s9000 driver 4.1.0, scope: eq, version: *

Trust: 1.0

vendor: epson, model: lp-s7100 driver 4.1.7, scope: eq, version: *

Trust: 1.0

vendor: epson, model: lp-s7100 driver 4.1.0, scope: eq, version: *

Trust: 1.0

vendor: epson, model: lp-s9000 4.1.0fc, scope: -, version: -

Trust: 0.9

vendor: epson, model: lp-s9000 4.1.0hc, scope: -, version: -

Trust: 0.9

vendor: epson, model: lp-s9000 4.1.11fc, scope: -, version: -

Trust: 0.9

vendor: epson, model: lp-s9000 4.1.11hc, scope: -, version: -

Trust: 0.9

vendor: seiko epson, model: driver for lp-s7100, scope: eq, version: prior to ver4.1.11 (32-bit and 64-bit)

Trust: 0.8

vendor: seiko epson, model: driver for lp-s9000, scope: eq, version: prior to ver4.1.7 (32-bit and 64-bit)

Trust: 0.8

vendor: epson, model: lp-s9000 4.1.0fi, scope: -, version: -

Trust: 0.6

vendor: epson, model: lp-s9000 4.1.0hi, scope: -, version: -

Trust: 0.6

vendor: epson, model: lp-s9000 4.1.7fi, scope: -, version: -

Trust: 0.6

vendor: epson, model: lp-s9000 4.1.7hi, scope: -, version: -

Trust: 0.6

vendor: epson, model: lp-s9000, scope: -, version: -

Trust: 0.6

vendor: epson, model: lp-s7100, scope: -, version: -

Trust: 0.6

vendor: epson, model: lp-s7100 4.1.7hi, scope: -, version: -

Trust: 0.3

vendor: epson, model: lp-s7100 4.1.7fi, scope: -, version: -

Trust: 0.3

vendor: epson, model: lp-s7100 4.1.0hi, scope: -, version: -

Trust: 0.3

vendor: epson, model: lp-s7100 4.1.0fi, scope: -, version: -

Trust: 0.3

sources: CNVD: CNVD-2010-3107 // BID: 45258 // JVNDB: JVNDB-2010-000059 // CNNVD: CNNVD-201012-100 // NVD: CVE-2010-3920

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-3920
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2010-000059
value: LOW

Trust: 0.8

CNNVD: CNNVD-201012-100
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2010-3920
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2010-000059
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: JVNDB: JVNDB-2010-000059 // CNNVD: CNNVD-201012-100 // NVD: CVE-2010-3920

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.0

problemtype:CWE-DesignError

Trust: 0.8

sources: JVNDB: JVNDB-2010-000059 // NVD: CVE-2010-3920

THREAT TYPE

local

Trust: 1.0

sources: BID: 45258 // PACKETSTORM: 96501 // CNNVD: CNNVD-201012-100

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201012-100

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-000059

PATCH

title: To the users of LP-S7100/LP-S9000, url: http://www.epson.jp/support/misc/lps7100_9000/index.htm

Trust: 0.8

title: Epson LP-S7100 / LP-S9000 Unsafe Directory Permissions Elevation of Privilege Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/1998

Trust: 0.6

sources: CNVD: CNVD-2010-3107 // JVNDB: JVNDB-2010-000059

EXTERNAL IDS

db: NVD, id: CVE-2010-3920

Trust: 3.3

db: SECUNIA, id: 42540

Trust: 3.1

db: JVN, id: JVN62736872

Trust: 2.4

db: JVNDB, id: JVNDB-2010-000059

Trust: 2.4

db: OSVDB, id: 69678

Trust: 1.8

db: CNVD, id: CNVD-2010-3107

Trust: 0.6

db: JVN, id: JVN#62736872

Trust: 0.6

db: CNNVD, id: CNNVD-201012-100

Trust: 0.6

db: BID, id: 45258

Trust: 0.3

db: PACKETSTORM, id: 96501

Trust: 0.1

sources: CNVD: CNVD-2010-3107 // BID: 45258 // JVNDB: JVNDB-2010-000059 // PACKETSTORM: 96501 // CNNVD: CNNVD-201012-100 // NVD: CVE-2010-3920

REFERENCES

url:http://jvn.jp/en/jp/jvn62736872/index.html

Trust: 2.4

url:http://secunia.com/advisories/42540

Trust: 2.4

url:http://www.epson.jp/support/misc/lps7100_9000/index.htm

Trust: 2.0

url:http://osvdb.org/69678

Trust: 1.8

url:http://jvndb.jvn.jp/ja/contents/2010/jvndb-2010-000059.html

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3920

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3920

Trust: 0.8

url:http://secunia.com/advisories/42540/

Trust: 0.7

url:http://www.epson.jp/products/offirio/printer/lps7100/

Trust: 0.3

url:http://www.epson.jp/products/offirio/printer/lps9000/

Trust: 0.3

url:http://secunia.com/products/corporate/evm/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/42540/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=42540

Trust: 0.1

url:http://secunia.com/products/corporate/vim/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2010-3107 // BID: 45258 // JVNDB: JVNDB-2010-000059 // PACKETSTORM: 96501 // CNNVD: CNNVD-201012-100 // NVD: CVE-2010-3920

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 45258

SOURCES

db: CNVD, id: CNVD-2010-3107
db: BID, id: 45258
db: JVNDB, id: JVNDB-2010-000059
db: PACKETSTORM, id: 96501
db: CNNVD, id: CNNVD-201012-100
db: NVD, id: CVE-2010-3920

LAST UPDATE DATE

2025-04-11T22:50:18.849000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2010-3107, date: 2010-12-09T00:00:00
db: BID, id: 45258, date: 2010-12-08T00:00:00
db: JVNDB, id: JVNDB-2010-000059, date: 2010-12-08T00:00:00
db: CNNVD, id: CNNVD-201012-100, date: 2010-12-10T00:00:00
db: NVD, id: CVE-2010-3920, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2010-3107, date: 2010-12-09T00:00:00
db: BID, id: 45258, date: 2010-12-08T00:00:00
db: JVNDB, id: JVNDB-2010-000059, date: 2010-12-08T00:00:00
db: PACKETSTORM, id: 96501, date: 2010-12-08T05:23:36
db: CNNVD, id: CNNVD-201012-100, date: 2010-12-10T00:00:00
db: NVD, id: CVE-2010-3920, date: 2010-12-08T20:00:01.713