Vulnerability Description
The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the "C:\Program Files" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Epson | Lp-S7100 | All versions |
| Epson | Lp-S7100 Driver 4.1.0 | All versions |
| Epson | Lp-S7100 Driver 4.1.7 | All versions |
| Epson | Lp-S9000 | All versions |
| Epson | Lp-S9000 Driver 4.1.0 | All versions |
| Epson | Lp-S9000 Driver 4.1.11 | All versions |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN62736872/index.html
- http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000059.html
- http://osvdb.org/69678
- http://secunia.com/advisories/42540Vendor Advisory
- http://www.epson.jp/support/misc/lps7100_9000/index.htmVendor Advisory
- http://jvn.jp/en/jp/JVN62736872/index.html
- http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000059.html
- http://osvdb.org/69678
- http://secunia.com/advisories/42540Vendor Advisory
- http://www.epson.jp/support/misc/lps7100_9000/index.htmVendor Advisory
FAQ
What is CVE-2010-3920?
CVE-2010-3920 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the "C:\Program...
How severe is CVE-2010-3920?
CVE-2010-3920 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3920?
Check the references section above for vendor advisories and patch information. Affected products include: Epson Lp-S7100, Epson Lp-S7100 Driver 4.1.0, Epson Lp-S7100 Driver 4.1.7, Epson Lp-S9000, Epson Lp-S9000 Driver 4.1.0.