CVE-2021-38085

Name of the Vulnerable Software and Affected Versions: Canon TR150 print driver versions 3.71.2.10 and earlier

Description: The issue allows a local attacker to escalate privileges during the add printer process by overwriting CNMurGE.dll. If timed properly, the overwritten DLL will be loaded into a SYSTEM process, resulting in escalation of privileges. This occurs because the driver drops a world-writable DLL into a CanonBJ %PROGRAMDATA% location that gets loaded by printisolationhost (a system process).

Recommendations: For Canon TR150 print driver versions 3.71.2.10 and earlier, consider disabling the printisolationhost system process or restricting access to the CanonBJ %PROGRAMDATA% location as a temporary workaround until a patch is available.