CVE-2017-10850

Published: Sep 1, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Vendor	Product	Versions
Fuji Xerox Co.,Ltd.	Installer of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271	affected `Timestamp of code signing is before 12 Apr 2017 02:04 UTC`
Fuji Xerox Co.,Ltd.	Installer of ART EX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271	affected `Timestamp of code signing is before 12 Apr 2017 02:04 UTC`
Fuji Xerox Co.,Ltd.	Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271	affected `Timestamp of code signing is before 12 Apr 2017 02:10 UTC`
Fuji Xerox Co.,Ltd.	Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271	affected `Timestamp of code signing is before 12 Apr 2017 02:10 UTC`
Fuji Xerox Co.,Ltd.	Installer of XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271	affected `Timestamp of code signing is before 3 Nov 2017 23:48 UTC`
Fuji Xerox Co.,Ltd.	Installer of XPS Print Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271	affected `Timestamp of code signing is before 3 Nov 2017 23:48 UTC`
Fuji Xerox Co.,Ltd.	Installer of ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271	affected `Timestamp of code signing is before 26 May 2017 07:44 UTC`
Fuji Xerox Co.,Ltd.	Installer of ART EX Direct FAX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271	affected `Timestamp of code signing is before 26 May 2017 07:44 UTC`
Fuji Xerox Co.,Ltd.	Installer of Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271	affected `Timestamp of code signing is before 25 Aug 2015 08:51 UTC`
Fuji Xerox Co.,Ltd.	Installer of Setting Restore Tool for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271	affected `Timestamp of code signing is before 25 Aug 2015 08:51 UTC`

References

JVN#09769017

third-party-advisory

x_refsource_JVN

http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-10850

Description

Affected Products

References