CVE-2018-16156

Name of the Vulnerable Software and Affected Versions PaperStream IP (TWAIN) version 1.42.0.5685 (Service Update 7)

Description The issue concerns the FJTWSVIC service, which runs with SYSTEM privilege and processes unauthenticated messages over a named pipe called FjtwMkic Fjicube 32. A function in this service attempts to load the UninOldIS.dll library dynamically and execute the ChangeUninstallString function. Since the default installation does not include this library, any DLL with the same name found in the directories listed in the PATH variable can be used to escalate privileges to the SYSTEM level.

Recommendations For PaperStream IP (TWAIN) version 1.42.0.5685 (Service Update 7), as a temporary workaround, consider restricting access to the FjtwMkic Fjicube 32 named pipe to minimize the risk of exploitation. Additionally, ensure that no malicious DLLs are present in the directories listed in the PATH variable by regularly monitoring and cleaning up these directories. At the moment, there is no information about a newer version that contains a fix for this issue.