TITLE:
Lexmark X1100 Series Printing Software Privilege Escalation

SECUNIA ADVISORY ID:
SA18728

VERIFY ADVISORY:
http://secunia.com/advisories/18728/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Lexmark X1100 Series
http://secunia.com/product/7842/

DESCRIPTION:
Kevin Finisterre has reported a vulnerability in Lexmark X1100
Series, which can be exploited by malicious, local users to gain
escalated privileges.

The vulnerability is caused due to the printing program invoking the
browser with SYSTEM privileges rather than using the privileges of
the currently logged on user, when the user clicks on the "Additional
styles (skins) are available on the Lexmark web site" button. This can
be exploited to execute arbitrary commands with escalated privileges
by invoking cmd.exe from the browser.

The vulnerability has been reported in the driver included with
Lexmark X1185. Other versions may also be affected.

SOLUTION:
Grant only trusted users access to affected systems.

PROVIDED AND/OR DISCOVERED BY:
Kevin Finisterre

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------