April 1, 2025 By Pierluigi Paganini
Microsoft’s offensive security team discovered a critical code execution vulnerability impacting Canon printer drivers.
Researchers at Microsoft’s Offensive Research and Security Engineering (MORSE) team have discovered a critical code execution vulnerability, tracked as CVE-2025-1268 (CVSS score of 9.4), impacting Canon printer drivers.
The vulnerability is an out-of-bounds issue that resides in certain printer drivers for production printers, office/small office multifunction printers and laser printers. The flaw impacts the EMF recode processing of Generic Plus PCL6, UFR II, LIPS4, LIPSXL, and PS printer drivers. An attacker can exploit the flaw to prevent printing and/or potentially execute arbitrary code under certain conditions.
“Out-of-bounds vulnerability was found in certain printer drivers for production printers, office/small office multifunction printers and laser printers that may prevent printing and/or potentially be able to execute arbitrary code when the print is processed by a malicious application,” reads the advisory.