CVE-2020-36984

Name of the Vulnerable Software and Affected Versions EPSON version 1.124

Description EPSON 1.124 contains an unquoted service path vulnerability in the SENADB service. This allows local attackers to execute code with elevated system privileges. The vulnerability exists due to an unquoted path in C:Program Files (x86)EPSON P2BPrinter SoftwareStatus Monitor. Attackers can inject malicious executables into this directory, which will then run with LocalSystem permissions.

Recommendations Ensure the service path for SENADB is enclosed in quotes.