An easy-to-exploit, no-user-action-required bug can lead to arbitrary code execution. The bug is caused by an unquoted service-path vulnerability in the LM__bdsvc service. The vulnerability s CVSS 3.0 base score is high, at 8.4.0; it doesn t appear to have been exploited yet. Lexmark told Threatpost on Tuesday that a fix is in the works.
Source: https://threatpost.com/lexmark-printers-code-execution-zero-day/167111/