Description
Untrusted search path vulnerability in the installers of ScanSnap Manager prior to versions V7.0L20 and the Software Download Installer prior to WinSSInst2JP.exe and WinSSInst2iX1500JP.exe allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory.
References (2)
Core 2
Core References
Product, Vendor Advisory x_refsource_misc
https://scansnap.fujitsu.com/global/dl/
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN65733194/index.html
Scores
CVSS v3
7.8
EPSS
0.0044
EPSS Percentile
34.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (1)
fujitsu/scansnap_manager
< 7.0l20
Published
May 24, 2021
Tracked Since
Feb 18, 2026