CVE-2021-38085 – Canon TR150 Driver 3.71.2.10 Privilege Escalation

https://notcve.org/view.php?id=CVE-2021-38085

The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite CNMurGE.dll and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of privileges. This occurs because the driver drops a world-writable DLL into a CanonBJ %PROGRAMDATA% location that gets loaded by printisolationhost (a system process). El controlador de impresión Canon TR150 versiones hasta 3.71.2.10, es vulnerable a un problema de escalada de privilegios. Durante el proceso add printer, un atacante local puede sobrescribir la biblioteca CNMurGE.dll y, si se sincroniza apropiadamente, la DLL sobrescrita será cargada en un proceso SYSTEM, resultando en una escalada de privilegios. • http://packetstormsecurity.com/files/163795/Canon-TR150-Driver-3.71.2.10-Privilege-Escalation.html https://defcon.org/html/defcon-29/dc-29-speakers.html#baines https://raw.githubusercontent.com/jacob-baines/vuln_disclosure/main/vuln_2021_03.txt https://www.youtube.com/watch?v=vdesswZYz-8 - • CWE-732: Incorrect Permission Assignment for Critical Resource •