JVNVU#99676444: Canon IJ Scan Utility registers Windows services with unquoted file paths

Overview

IJ Scan Utility provided by Canon Inc. registers Windows services with unquoted file paths.

Products Affected

IJ Scan Utility Ver.1.1.2 to Ver.1.5.0

Description

IJ Scan Utility provided by Canon Inc. contains the following vulnerability.

Unquoted search path or element (CWE-428)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.7
- CVE-2026-1585

Impact

A user may execute arbitrary code with SYSTEM privilege if he/she has the write permission on the path to the directory where the affected product is installed.

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.
For more information, refer to the information provided by the developer.

Vendor Status

Vendor	Link
Canon Inc.	CP2026-002 Vulnerability Remediation for IJ Scan Utility for Windows
Canon USA	CPA2026-002: Vulnerability Remediation for IJ Scan Utility for Windows
Canon Europe	CPE2026-002 - Vulnerability Remediation for IJ Scan Utility for Windows

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Canon Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

JVNVU#99676444 Canon IJ Scan Utility registers Windows services with unquoted file paths