Untrusted Search Path Vulnerability in ContentsBridge Utility for Windows by Fuji Xerox
CVE-2017-10851

7.8HIGH

Key Information:

Vendor: Fuji Xerox Co.,ltd.
Status: Installer For Contentsbridge Utility For Windows
Vendor: CVE Published:; 1 September 2017

What is CVE-2017-10851?

The Installer for the ContentsBridge Utility developed by Fuji Xerox has a vulnerability that allows an attacker to exploit an untrusted search path. This flaw can enable a malicious actor to execute a Trojan horse DLL placed in an unspecified directory, which potentially grants elevated privileges. Proper mitigations should be applied to prevent unauthorized access and ensure system integrity.

Affected Version(s)

Installer for ContentsBridge Utility for Windows 7.4.0 and earlier

References

https://jvn.jp/en/jp/JVN09769017/index.html

third-party-advisoryx_refsource_JVN

http://www.fujixerox.co.jp/company/news/notice/2017/0831_...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 1, 2017
Vulnerability Reserved
Jul 4, 2017

Fuji Xerox Co.,ltd.

What is CVE-2017-10851?

Affected Version(s)

References

CVSS V3.1

Timeline