Published:2023/06/14  Last Updated:2023/06/14

Printer Driver Packager NX creates driver installation packages without modification detection


Printer Driver Packager NX provided by Ricoh Company, Ltd. creates a driver installation package which fails to detect its modification.

Products Affected

  • Printer Driver Packager NX v1.0.02 to v1.1.25


Printer Driver Packager NX provided by Ricoh Company, Ltd. is a tool to create driver installation packages. A driver installation package is used to install and configure printer drivers on the target PCs.
The installation and configuration of printer drivers require an administrative privilege, and a created driver installation package can bundle administrative credentials in encrypted form enabling non-administrative users to install printer drivers without administrator's help.

The driver installation package, created by the affected version of Printer Driver Packager NX, fails to detect its modification (CWE-345) and may spawn an unexpected process with the administrative privilege.


If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.


Update the software and re-create installation packages
Update the affected Printer Driver Packager NX to the latest version and re-create driver installation packages, according to the information provided by the developer.
The developer has released Printer Driver Packager NX v1.1.26 that addresses this vulnerability.


JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Base Score: 7.8
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)


The analysis assumes that a non-administrative user modifies the installation package and runs it on the target PC.


Ricoh Company, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.

Other Information

JPCERT Reports
CERT Advisory
CPNI Advisory
CVE CVE-2023-30759
JVN iPedia