Lexmark Security Advisory: Local Escalation of Privilege in the Lexmark Universal Print Driver (CVE-2021-35449)

Document ID: TE953


Solution

Lexmark Security Advisory:

Revision: 1.0
Last update: 12-July-2021
Public Release Date: 15-July-2021

  

Summary
 

The Lexmark Universal Print Driver contains a local escalation of privilege vulnerability.

     

 

References
 

CVE: CVE-2021-35449

 

 

Details
 

The Lexmark Universal Print Driver contains a vulnerability that allows the user that installed the driver to execute a DLL of their choosing with SYSTEM privileges.

Updating the Windows Lexmark Universal Print Driver will correct the issue.

 

CVSSv3 Base Score 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Impact Subscore: 5.9  
Exploitability Subscore: 1.8  

 

CVSSv3 scores are calculated in accordance with CVSS version 3.1 (https://www.first.org/cvss/user-guide)

 

 

Impact
 

Successful exploitation of this vulnerability can lead to attacker-controlled code running with SYSTEM privileges.

 

 

Affected Products
 

Lexmark Printer Software G2 Driver and Software 1.8.0.0 and previous versions

Lexmark Printer Software G2 Postscript Driver Package 2.7.1.0 and previous versions

Lexmark Printer Software G2 PCL5 Driver Package 2.7.1.0 and previous versions

Lexmark Printer Software G2 PCL XL Driver Package 2.7.1.0 and previous versions

Lexmark Printer Software G3 Driver and Software 1.2.0.0 and previous versions

Lexmark Printer Software G3 PCL5 Driver Package 3.2.0.0 and previous versions

Lexmark Printer Software G3 PCL XL Driver Package 3.2.0.0 and previous versions

Lexmark Printer Software G3 Postscript Driver Package 3.2.0.0 and previous versions

Lexmark Printer Software G4 Driver and Software 1.3.0.0 and previous versions

Lexmark Printer Software G4 HBP Driver Package 4.2.1.0 and previous versions

Standalone/Co-Existing Universal Print Driver Installation Package 2.15.1.0 (HBP) and previous versions

Standalone/Co-Existing Universal HBP Print Driver v2.15.1.0 and previous versions

Universal Print Driver Installation Package 2.15.1.0 (HBP) and previous versions

Universal HBP Print Driver 2.15.1.0 and previous versions

Standalone/Co-Existing Universal Print Driver Installation Package 2.15.1.0 and previous versions

Standalone/Co-Existing Universal PostScript 3 Emulation Print Driver 2.15.1.0 and previous versions

Standalone/Co-Existing Universal PCL XL Emulation Print Driver 2.15.1.0 and previous versions

Standalone/Co-Existing Universal PCL5e Emulation Print Driver 2.15.1.0 and previous versions

Universal Print Driver Installation Package 2.15.1.0 and previous versions

Universal PostScript 3 Emulation Print Driver v2.15.1.0 and previous versions

Universal PCL5e Emulation Print Driver v2.15.1.0 and previous versions

Universal PCL XL Emulation Print Driver v2.15.1.0 and previous versions

 

 

Obtaining Updated Software
 

To obtain the patched Software, please visit:

Otherwise contact Lexmark’s Technical Support Center at http://support.lexmark.com to find your local support center.

 

 

Workarounds
  

Lexmark recommends updating the application if you have a vulnerable version.

 

 

Exploitation and Public Announcements
 

Lexmark is not aware of any malicious use of the vulnerability described in this advisory.

Lexmark would like to thank Jacob Baines for bringing this issue to our attention.

  

  

Status of this Notice:
 

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND IS PROVIDED WITHOUT ANY EXPRESS OR IMPLIED GUARANTEE OR WARRANTY WHATSOEVER, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR USE OR PURPOSE. LEXMARK RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

  

   

Distribution
  

This advisory is posted on Lexmark’s web site at http://support.lexmark.com/alerts
   
Future updates to this document will be posted on Lexmark’s web site at the same location.

  

  

Revision History

 

Revision  Date          Reason
1.0       12-July-2021  Initial Public Release

  
