Canon IJ Scan Utility Unquoted Service Path Vulnerability Allowing Arbitrary File Execution
Vulnerability
A vulnerability exists in Canon IJ Scan Utility for Windows, versions 1.1.2 through 1.5.0, due to an unquoted executable path in a Windows service. Because the path is not enclosed in quotation marks, a local attacker may be able to have a malicious file executed with the service's privileges when the file path includes spaces.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of files with elevated privileges, potentially allowing for malicious actions to be performed under the guise of the affected service.
Remediation
Users are advised to install the latest MP Driver, which includes a patched version of IJ Scan Utility for Windows. The updated software can be downloaded from the Canon Software Download page. After installation, verify that IJ Scan Utility for Windows version 1.6.0 or higher is installed.
