CVE-2010-3920 - Vulnerability Details - OpenCVE

The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the "C:\Program Files" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Epson	Lp-s7100 Lp-s7100 Driver 4.1.0 Lp-s7100 Driver 4.1.7 Lp-s9000 Lp-s9000 Driver 4.1.0 Lp-s9000 Driver 4.1.11

Configuration 1 [-]

AND

cpe:2.3:h:epson:lp-s7100:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:epson:lp-s7100_driver_4.1.0::::::::
	cpe:2.3:a:epson:lp-s7100_driver_4.1.7::::::::

Configuration 2 [-]

AND

cpe:2.3:h:epson:lp-s9000:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:epson:lp-s9000_driver_4.1.0::::::::
	cpe:2.3:a:epson:lp-s9000_driver_4.1.11::::::::

No data.

References

Link	Providers
http://jvn.jp/en/jp/JVN62736872/index.html
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000059.html
http://osvdb.org/69678
http://secunia.com/advisories/42540
http://www.epson.jp/support/misc/lps7100_9000/index.htm

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2010-12-08T19:00:00

Updated: 2024-08-07T03:26:12.271Z

Reserved: 2010-10-12T00:00:00

Link: CVE-2010-3920

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-12-08T20:00:01.713

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-3920

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-12-08T00:00:00", "descriptions": [{"lang": "en", "value": "The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the \"C:\\Program Files\" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-12-18T10:00:00", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"name": "JVNDB-2010-000059", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000059.html"}, {"name": "JVN#62736872", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN62736872/index.html"}, {"name": "42540", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42540"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.epson.jp/support/misc/lps7100_9000/index.htm"}, {"name": "69678", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/69678"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2010-3920", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the \"C:\\Program Files\" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "JVNDB-2010-000059", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000059.html"}, {"name": "JVN#62736872", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN62736872/index.html"}, {"name": "42540", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42540"}, {"name": "http://www.epson.jp/support/misc/lps7100_9000/index.htm", "refsource": "CONFIRM", "url": "http://www.epson.jp/support/misc/lps7100_9000/index.htm"}, {"name": "69678", "refsource": "OSVDB", "url": "http://osvdb.org/69678"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:26:12.271Z"}, "title": "CVE Program Container", "references": [{"name": "JVNDB-2010-000059", "tags": ["third-party-advisory", "x_refsource_JVNDB", "x_transferred"], "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000059.html"}, {"name": "JVN#62736872", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN62736872/index.html"}, {"name": "42540", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42540"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.epson.jp/support/misc/lps7100_9000/index.htm"}, {"name": "69678", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/69678"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2010-3920", "datePublished": "2010-12-08T19:00:00", "dateReserved": "2010-10-12T00:00:00", "dateUpdated": "2024-08-07T03:26:12.271Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:epson:lp-s7100:*:*:*:*:*:*:*:*", "matchCriteriaId": "5741D0D8-8F00-4E38-8798-A39D5467C4C9", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:epson:lp-s7100_driver_4.1.0:*:*:*:*:*:*:*:*", "matchCriteriaId": "4620B936-4901-40AC-B6CC-F73C49958FEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:lp-s7100_driver_4.1.7:*:*:*:*:*:*:*:*", "matchCriteriaId": "29B69116-7F42-4BF5-A580-1B26EB83ACF0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:epson:lp-s9000:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4E6E2CE-BDC3-447E-82CD-F4AC3FDDA99D", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:epson:lp-s9000_driver_4.1.0:*:*:*:*:*:*:*:*", "matchCriteriaId": "1671F4CB-0843-4791-B746-E29AE0A63BFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:lp-s9000_driver_4.1.11:*:*:*:*:*:*:*:*", "matchCriteriaId": "D90FCB26-B2A7-4043-88F9-78ADC5F8E5F8", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the \"C:\\Program Files\" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories."}, {"lang": "es", "value": "El instalador de drivers de impresora Seiko Epson para LP-S9000 anterior a v4.1.11 y LP-S7100 anterior a v4.1.7, o los descargados del proveedor entre mayo de 2010 y el 25 del noviembre de 2010, modifica los permisos de acceso de la carpeta \"C:\\Program Files\" (C:\\Archivos de programa) lo cual puede permitir a los usuarios locales evitar las restricciones de acceso y crear o modificar archivos y direcctorios a su elecci\u00f3n."}], "id": "CVE-2010-3920", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-12-08T20:00:01.713", "references": [{"source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN62736872/index.html"}, {"source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000059.html"}, {"source": "vultures@jpcert.or.jp", "url": "http://osvdb.org/69678"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42540"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "http://www.epson.jp/support/misc/lps7100_9000/index.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN62736872/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000059.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/69678"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42540"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.epson.jp/support/misc/lps7100_9000/index.htm"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}