16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers
2021-07-20 04:47

Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005.

Hundreds of millions of printers have been released worldwide to date with the vulnerable driver in question.

"A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege," according to an advisory published in May. The issue was reported to HP by threat intelligence researchers from SentinelLabs on February 18, 2021, following which remedies have been published for the affected printers as of May 19, 2021.

Specifically, the issue stems from the printer driver not validating the size of user-supplied input, which could allow an unprivileged user to escalate privileges and run malicious code in kernel mode on systems that have the buggy driver installed.
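The bug class described above, modelled in user-mode C as an added example (not code from the affected driver or from the advisory): a handler that trusts a caller-supplied length, beside one that validates it before copying. The struct, function names, status codes and 32-byte buffer size are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 32          /* constructed buffer size for this example */
#define CANARY   0xC0FFEEu   /* stands in for memory adjacent to the buffer */

enum status { ST_OK = 0, ST_INVALID_PARAMETER = 1, ST_BUFFER_TOO_LARGE = 2 };

/* Hypothetical per-device state: a fixed buffer followed by other data. */
struct dev_ctx {
    char     name[NAME_CAP];
    unsigned canary;
};

void ctx_init(struct dev_ctx *ctx) {
    memset(ctx->name, 0, sizeof ctx->name);
    ctx->canary = CANARY;
}

/* Before: the caller-supplied length is trusted. Any in_len > NAME_CAP
 * writes past name[] into whatever follows it. */
enum status set_name_unchecked(struct dev_ctx *ctx, const char *in, size_t in_len) {
    memcpy(ctx->name, in, in_len);
    return ST_OK;
}

/* After: reject the request before touching the buffer. In a Windows
 * driver the length to check is the one the I/O manager reports for the
 * request (Parameters.DeviceIoControl.InputBufferLength). */
enum status set_name_checked(struct dev_ctx *ctx, const char *in, size_t in_len) {
    if (ctx == NULL || in == NULL || in_len == 0)
        return ST_INVALID_PARAMETER;
    if (in_len > sizeof ctx->name - 1)       /* keep one byte for the NUL */
        return ST_BUFFER_TOO_LARGE;
    memcpy(ctx->name, in, in_len);
    ctx->name[in_len] = '\0';
    return ST_OK;
}

int main(void) {
    struct dev_ctx ctx;
    char big[64];                            /* constructed oversize input */
    memset(big, 'A', sizeof big);
    ctx_init(&ctx);
    enum status st = set_name_checked(&ctx, big, sizeof big);
    printf("status=%d canary_intact=%d\n", (int)st, ctx.canary == CANARY);
    return 0;
}
```

The checked handler fails closed: an oversize request is rejected with the buffer and the adjacent field left untouched, which is the property a patched driver needs for every caller-controlled length.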

Interestingly, it appears that HP copied the driver's functionality from a near-identical Windows driver sample published by Microsoft, although the sample project itself doesn't contain the vulnerability.

This is not the first time security flaws have been discovered in old software drivers.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/0waAACXDS2I/16-year-old-security-bug-affects.html