Date: 08/07/2021
Affected Product: Canon TR150 Print Driver
Product Website: https://www.usa.canon.com/internet/portal/us/home/support/details/printers/mobile-compact-printer/pixma-tr150
Vulnerable Versions: Universal Print Driver v2.15.1.0 and below.
Patched Version: No patch exists
Vendor Advisory: N/A

# CVE-2021-38085 (CWE-732)

The Canon TR150 print driver 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite a DLL and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of privileges. This occurs because the driver drops a world-writable DLL into %PROGRAMDATA% that gets loaded bya system process.

CVSSv3: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (7.8)