ComparedArray/printix-CVE-2022-25090

GitHub

github.com

Releases1

Frequency

Last Release over 4 years ago

Stars4

A "Creation of Temporary Files in Directory with Insecure Permissions" vulnerability in PrintixService.exe, in Printix's "Printix Secure Cloud Print Management", Version 1.3.1106.0 and below allows any logged in user to elevate any executable or file to the SYSTEM context. This is achieved by exploiting race conditions in the Installer.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-25090 ↗	Mar 10, 2022Thursday, 10 March 2022, 17:47	8.1 HIGH	9.3 HIGH
Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition.