Untrusted Search Path Vulnerability in Fuji Xerox ApeosPort and DocuCentre Products
CVE-2017-10850

7.8HIGH

Key Information:

Vendor

Fuji Xerox Co.,ltd.

Status
Installer Of Art Ex Driver For Apeosport-vi C7771/c6671/c5571/c4471/c3371/c2271
Installer Of Art Ex Driver For Docucentre-vi C7771/c6671/c5571/c4471/c3371/c2271
Installer Of Postscript? Driver + Additional Feature Plug-in + Ppd File For Apeosport-vi C7771/c6671/c5571/c4471/c3371/c2271
Installer Of Postscript? Driver + Additional Feature Plug-in + Ppd File For Docucentre-vi C7771/c6671/c5571/c4471/c3371/c2271
Vendor
CVE Published:
1 September 2017

What is CVE-2017-10850?

The vulnerability in the installers of the Fuji Xerox ApeosPort and DocuCentre products allows unauthorized users to gain elevated privileges by placing a Trojan horse DLL in an untrusted directory. This occurs when the code signing timestamp of the affected drivers precedes specific dates, exposing the system to potential exploitation. Users should ensure timely updates to mitigate this risk.

Affected Version(s)

Installer of ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 Timestamp of code signing is before 26 May 2017 07:44 UTC

Installer of ART EX Direct FAX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 Timestamp of code signing is before 26 May 2017 07:44 UTC

Installer of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 Timestamp of code signing is before 12 Apr 2017 02:04 UTC

References

https://jvn.jp/en/jp/JVN09769017/index.html
third-party-advisoryx_refsource_JVN
http://www.fujixerox.co.jp/company/news/notice/2017/0831_...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.