CVE-2020-5681

Name of the Vulnerable Software and Affected Versions EpsonNet SetupManager versions 2.2.14 and earlier Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier

Description The issue is related to an untrusted search path vulnerability in self-extracting files created by the affected software. This vulnerability allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Recommendations For EpsonNet SetupManager versions 2.2.14 and earlier, consider updating to a version later than 2.2.14 to resolve the issue. For Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier, consider updating to a version later than 1.6x/1.6y to resolve the issue. As a temporary workaround, consider restricting access to directories where self-extracting files are executed to minimize the risk of exploitation.