RSS   Podatności dla 'Paperstream ip (twain)'   RSS

2019-05-17
 
CVE-2018-16156

CWE-426
 

 
In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes an exported function named ChangeUninstallString. The default install does not contain this library and therefore if any DLL with that name exists in any directory listed in the PATH variable, it can be used to escalate to SYSTEM level privilege.

 

 >>> Vendor: Fujitsu 46 Produkty
Chocoa
Uxp v
Siemens networker
Netshelter fw
Netshelter fw-l
Netshelter fw-m
Netshelter fw-p
Myweb portal office
Serverview
Interstage application server
Interstage apworks
Fence
Systemwalker desktop encryption
Primergy bx300
Interstage studio
Interstage application server enterprise
Interstage application server standard j
Interstage apworks enterprise
Interstage apworks standard j
Interstage studio enterprise
Interstage studio standard j
Interstage application server plus
Interstage apworks modelers j
Interstage business application server
Interstage smart repository
Interstage application server plus developer
Interstage business application server enterprise
Web based admin view
Systemcastwizard lite
Enhanced support facility
Jasmine2000
E-pares
Serverview operations manager
Arrows me f-11d
Arrows tab lte f-01d
Arrows x lte f-05d
Regza phone t-01d
Arrows kiss f-03d
F-12c
Fence-explorer
Displayview click
Displayview click suite
Gk900 firmware
Lx901 firmware
Paperstream ip (twain)
Arrows nx f005-f firmware


Copyright 2020, cxsecurity.com

 

Back to Top