JVNDB-2023-002111

Printer Driver Packager NX creates driver installation packages without modification detection

Printer Driver Packager NX provided by Ricoh Company, Ltd. is a tool to create driver installation packages. A driver installation package is used to install and configure printer drivers on the target PCs.
The installation and configuration of printer drivers require an administrative privilege, and a created driver installation package can bundle administrative credentials in encrypted form enabling non-administrative users to install printer drivers without administrator's help.

The driver installation package, created by the affected version of Printer Driver Packager NX, fails to detect its modification (CWE-345) and may spawn an unexpected process with the administrative privilege.

Ricoh Company, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.

Ricoh Co., Ltd

• Ridoc Ez Installer NX v1.0.02 to v1.1.25

If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.

[Comment]
The analysis assumes that a non-administrative user modifies the installation package and runs it on the target PC.

[Update the software and re-create installation packages]
Update the affected Printer Driver Packager NX to the latest version and re-create driver installation packages, according to the information provided by the developer.
The developer has released Printer Driver Packager NX v1.1.26 that addresses this vulnerability.

Ricoh Co., Ltd

• RICOH COMPANY, LTD. : Notice the elevation of administrator privileges vulnerability in Printer Driver Packager NX.
• RICOH COMPANY, LTD. : Notice elevation of administrator privileges vulnerability in Printer Driver Packager NX.

1. Insufficient Verification of Data Authenticity(CWE-345) [Other]

1. CVE-2023-30759

1. JVN : JVNVU#92207133

• [2023/06/15]
    Web page was published