high
7.8
CWE
427
Advisory Published
Updated

CVE-2020-5674

First published: Tue Nov 24 2020(Updated: )

Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Credit: vultures@jpcert.or.jp

Affected SoftwareAffected VersionHow to fix
Epson Album Print
Epson Color Calibration Utility
Epson Colorbase
Epson Colorio Easy Print
Epson Connect
Epson Creativity Suite
Epson E-photo
Epson E-photo
Epson Easy Photo Print
Epson Easy Photo Print
Epson Easy Settings
Epson Imaging Workshop
Epson Link2
Epson Multi-print Quicker
Epson Net Config
Epson Net Config Se
Epson Net Print
Epson Net Software Development Kit
Epson Photolier
Epson Photoquicker
Epson Photostarter=3.1
Epson Pm-t990 Integrated Installer
Epson Print
Epson Print
Epson Print
Epson Print Image Framer Tool
Epson Print Layout
Epson Prolab Print
Epson Prolab Print
Epson Remote Printer Driver
Epson Scan Icm Updater
Epson Scanner Driver
Epson Web To Page
Epson Webconfig
Epson Universal Print Driver
Microsoft Windows
Microsoft Windows
Epson Status Monitor 2
Epson Status Monitor 3
Microsoft Windows
Epson Ec-01 Firmware
Epson Ec-01
Microsoft Windows 98
Microsoft Windows Me

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2020-5674?

    CVE-2020-5674 is an untrusted search path vulnerability in the installers of multiple SEIKO EPSON products that allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • Which SEIKO EPSON products are affected by CVE-2020-5674?

    The SEIKO EPSON products affected by CVE-2020-5674 include Epson Album Print, Epson Color Calibration Utility, Epson Colorbase, Epson Colorio Easy Print, Epson Connect, Epson Creativity Suite, Epson E-photo, Epson Easy Photo Print, Epson Easy Settings, Epson Imaging Workshop, Epson Link2, Epson Multi-print Quicker, Epson Net Config, Epson Net Print, Epson Net Software Development Kit, Epson Photolier, Epson Photoquicker, Epson Photostarter, Epson Pm-t990 Integrated Installer, Epson Print, Epson Print Image Framer Tool, Epson Print Layout, Epson Prolab Print, Epson Remote Printer Driver, Epson Scan Icm Updater, Epson Scanner Driver, Epson Web To Page, Epson Webconfig, and Epson Universal Print Driver.

  • What is the severity of CVE-2020-5674?

    CVE-2020-5674 has a severity rating of 7.8 (high).

  • How can an attacker exploit CVE-2020-5674?

    An attacker can exploit CVE-2020-5674 by placing a Trojan horse DLL in an unspecified directory, which can then be loaded and executed by the affected SEIKO EPSON products, allowing the attacker to gain elevated privileges.

  • Are Microsoft Windows operating systems vulnerable to CVE-2020-5674?

    No, Microsoft Windows operating systems are not vulnerable to CVE-2020-5674.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203