Lexmark Printers Open to Arbitrary Code-Execution Zero-Day

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,168
Content source
https://threatpost.com/lexmark-printers-code-execution-zero-day/167111/
Lexmark printers – those ubiquitous, inky office workhorses that fill homes and offices, and are found all the way on up to the federal government – have an unpatched vulnerability that could lead to serious, easy-to-execute attacks that require neither privileges nor user interaction and which can lead to arbitrary code execution.

According to an advisory filed by researcher Julio Aviña on the IBM X-Force Exchange, the flaw could lead to a low-complexity attack that could allow a local attacker to execute arbitrary code. The vulnerability’s CVSS 3.0 base score is high, at 8.4. Fortunately, it doesn’t appear to have been exploited yet: The report lists the bug’s exploitability as “unproven.”

The bug, found in the Lexmark Printer Software G2 Installation Package, is caused by an unquoted service-path vulnerability in the “LM__bdsvc” service. That package allows an administrator to customize the users’ installation experience, according to Lexmark.

The installation package in question runs on Microsoft Windows operating systems Vista (32-bit/64-bit), Server 2008 (32-bit/64-bit), Windows 7 (32-bit/64-bit), Server 2008 R2 (64-bit), Windows 8.1 (32-bit/64-bit), Windows 10 Client (32-bit/64-bit), Windows Server 2012, Server 2012 (64-bit) R2, Server 2016 (64-bit) and Server 2019 (64-bit) print and scan drivers with an enhanced GUI.

“By placing a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system,” the advisory explained. According to ProcessChecker, a service that shows information about running processes, LM__bdsvc.exe is part of the printer communication system.

As of Tuesday, there was no patch or other workaround available, Aviña wrote: “No remedy available as of June 21, 2021.”

The advisory states that a successful attempt to exploit the bug requires the attacker “to insert an executable file into the service path undetected by the OS or some security application.” When the service or the system restarts, that executable will run with elevated privileges.

Lexmark told Threatpost on Tuesday that a fix is in the works. Lexmark CSO Bryan Willett said in an emailed statement that “Lexmark takes security very seriously. We are aware of this concern and are working to address the vulnerability. We welcome security researchers to report vulnerabilities directly at Lexmark Security Advisories
Click to expand...
threatpost.com

Lexmark Printers Open to Arbitrary Code-Execution Zero Day

“No remedy available as of June 21, 2021," according to the researcher who discovered the easy-to-exploit, no-user-action-required bug.
threatpost.com threatpost.com
 
  • Like
  • +Reputation
Reactions: upnorth, Venustus, plat and 4 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
Numerous Lexmark Printers affected by critical security issues
Replies
0
Views
637
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
upnorth
    • Like
Critical RCE Lexmark Printer Bug Has Public Exploit
Replies
1
Views
537
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • +Reputation
    • Like
Lexmark firmware update closes vulnerability and fixes Windows printer issue
Replies
0
Views
549
News Archive
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top