Vulnerabilities > CVE-2020-9453 - NULL Pointer Dereference vulnerability in Epson Iprojection 2.30

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

epson

CWE-476

NVD

Published: 2021-02-05

Updated: 2023-02-17

Summary

In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects \Device\EMPMPAUIO and \DosDevices\EMPMPAU.

Vulnerable Configurations

Part	Description	Count
Application	Epson Epson Iprojection 2.30	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://epson.com
https://github.com/FULLSHADE/Kernel-exploits
https://github.com/FULLSHADE/Kernel-exploits/tree/master/EMP_MPAU.sys
https://epson.com/Support/wa00936