CVE-2018-16156P3HIGHCVSS 7.8PoCv1.42.0.56852019-05-17
CVE-2018-16156 [HIGH] CWE-426 CVE-2018-16156: In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM p
In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes an exported function named ChangeUninstallString.
nvd