cvelistv5 - CVE-2017-10850

CVE-2017-10850 (GCVE-0-2017-10850)

Vulnerability from cvelistv5

Published

2017-09-01 14:00

Modified

2024-08-05 17:50

Severity ?

CWE

Untrusted search path vulnerability

Summary

References

URL

Tags

vultures@jpcert.or.jp	http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html	Vendor Advisory
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN09769017/index.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN09769017/index.html	Third Party Advisory, VDB Entry

Impacted products

Vendor

Product

Version

Fuji Xerox Co.,Ltd.

Installer of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271

Version: Timestamp of code signing is before 12 Apr 2017 02:04 UTC

Fuji Xerox Co.,Ltd.	Installer of ART EX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271	Version: Timestamp of code signing is before 12 Apr 2017 02:04 UTC
Fuji Xerox Co.,Ltd.	Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271	Version: Timestamp of code signing is before 12 Apr 2017 02:10 UTC
Fuji Xerox Co.,Ltd.	Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271	Version: Timestamp of code signing is before 12 Apr 2017 02:10 UTC
Fuji Xerox Co.,Ltd.	Installer of XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271	Version: Timestamp of code signing is before 3 Nov 2017 23:48 UTC
Fuji Xerox Co.,Ltd.	Installer of XPS Print Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271	Version: Timestamp of code signing is before 3 Nov 2017 23:48 UTC
Fuji Xerox Co.,Ltd.	Installer of ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271	Version: Timestamp of code signing is before 26 May 2017 07:44 UTC
Fuji Xerox Co.,Ltd.	Installer of ART EX Direct FAX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271	Version: Timestamp of code signing is before 26 May 2017 07:44 UTC
Fuji Xerox Co.,Ltd.	Installer of Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271	Version: Timestamp of code signing is before 25 Aug 2015 08:51 UTC
Fuji Xerox Co.,Ltd.	Installer of Setting Restore Tool for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271	Version: Timestamp of code signing is before 25 Aug 2015 08:51 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:50:12.585Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#09769017",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN09769017/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Installer of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
          "vendor": "Fuji Xerox Co.,Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Timestamp of code signing is before 12 Apr 2017 02:04 UTC"
            }
          ]
        },
        {
          "product": "Installer of ART EX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
          "vendor": "Fuji Xerox Co.,Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Timestamp of code signing is before 12 Apr 2017 02:04 UTC"
            }
          ]
        },
        {
          "product": "Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
          "vendor": "Fuji Xerox Co.,Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Timestamp of code signing is before 12 Apr 2017 02:10 UTC"
            }
          ]
        },
        {
          "product": "Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
          "vendor": "Fuji Xerox Co.,Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Timestamp of code signing is before 12 Apr 2017 02:10 UTC"
            }
          ]
        },
        {
          "product": "Installer of XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
          "vendor": "Fuji Xerox Co.,Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Timestamp of code signing is before 3 Nov 2017 23:48 UTC"
            }
          ]
        },
        {
          "product": "Installer of XPS Print Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
          "vendor": "Fuji Xerox Co.,Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Timestamp of code signing is before 3 Nov 2017 23:48 UTC"
            }
          ]
        },
        {
          "product": "Installer of ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
          "vendor": "Fuji Xerox Co.,Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Timestamp of code signing is before 26 May 2017 07:44 UTC"
            }
          ]
        },
        {
          "product": "Installer of ART EX Direct FAX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
          "vendor": "Fuji Xerox Co.,Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Timestamp of code signing is before 26 May 2017 07:44 UTC"
            }
          ]
        },
        {
          "product": "Installer of Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
          "vendor": "Fuji Xerox Co.,Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Timestamp of code signing is before 25 Aug 2015 08:51 UTC"
            }
          ]
        },
        {
          "product": "Installer of Setting Restore Tool for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
          "vendor": "Fuji Xerox Co.,Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Timestamp of code signing is before 25 Aug 2015 08:51 UTC"
            }
          ]
        }
      ],
      "datePublic": "2017-08-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Untrusted search path vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-01T13:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#09769017",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN09769017/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-10850",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Installer of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Timestamp of code signing is before 12 Apr 2017 02:04 UTC"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Installer of ART EX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Timestamp of code signing is before 12 Apr 2017 02:04 UTC"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Timestamp of code signing is before 12 Apr 2017 02:10 UTC"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Timestamp of code signing is before 12 Apr 2017 02:10 UTC"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Installer of XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Timestamp of code signing is before 3 Nov 2017 23:48 UTC"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Installer of XPS Print Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Timestamp of code signing is before 3 Nov 2017 23:48 UTC"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Installer of ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Timestamp of code signing is before 26 May 2017 07:44 UTC"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Installer of ART EX Direct FAX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Timestamp of code signing is before 26 May 2017 07:44 UTC"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Installer of Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Timestamp of code signing is before 25 Aug 2015 08:51 UTC"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Installer of Setting Restore Tool for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Timestamp of code signing is before 25 Aug 2015 08:51 UTC"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fuji Xerox Co.,Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#09769017",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN09769017/index.html"
            },
            {
              "name": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html",
              "refsource": "CONFIRM",
              "url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2017-10850",
    "datePublished": "2017-09-01T14:00:00",
    "dateReserved": "2017-07-04T00:00:00",
    "dateUpdated": "2024-08-05T17:50:12.585Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-10850\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2017-09-01T14:29:00.290\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de tipo ruta de b\u00fasqueda no confiable en los instaladores del controlador ART EX para ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (la marca de tiempo de la firma de c\u00f3digo es anterior al 12 de abril de 2017, 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (la marca de tiempo de la firma de c\u00f3digo es anterior al 12 de abril de 2017, 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (la marca de tiempo de la firma de c\u00f3digo es anterior al 3 de noviembre de 2017, 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (la marca de tiempo de la firma de c\u00f3digo es anterior al 26 de mayo de 2017, 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (la marca de tiempo de la firma de c\u00f3digo es anterior al 25 de agosto de 2015, 08:51 UTC.) permite que un atacante consiga privilegios utilizando un archivo DLL troyano en un directorio no especificado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-426\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujifilm:apeosport-vi:c2271:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FBA07D9-E4B8-42E9-BA2B-9EC1A2618524\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujifilm:apeosport-vi:c3371:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F45F8CC7-1945-4828-87D0-6056075D11D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujifilm:apeosport-vi:c4471:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7D6C68A-8B63-441E-9ED3-CE7FE854D875\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujifilm:apeosport-vi:c5571:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E8E8F80-B567-4386-9563-F5774B57738D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujifilm:apeosport-vi:c6671:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36DEB232-7CC1-49D1-9097-617C4C8D7E1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujifilm:apeosport-vi:c7771:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5709EB00-593F-4B82-9DB9-DF68C24CD6E9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujifilm:docucentre-vi:c2271:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80B77A6D-6B3B-43C9-A119-0EE0806EE6CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujifilm:docucentre-vi:c3371:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFA19720-37CD-4C00-89FC-EC26E11CE375\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujifilm:docucentre-vi:c4471:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"219EF658-013B-44D6-A338-9F45B96898E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujifilm:docucentre-vi:c5571:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D7C9A55-D9E2-4DA9-9739-6CF1DCAC5011\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujifilm:docucentre-vi:c6671:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B00442C-5B00-4BDB-9B7F-C52768E9A97A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujifilm:docucentre-vi:c7771:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AB1978C-5209-4655-9856-C94B22914C0B\"}]}]}],\"references\":[{\"url\":\"http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN09769017/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN09769017/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

ghsa-v8xq-v2w7-r84c

Vulnerability from github

Published

2022-05-13 01:10

Modified

2022-05-13 01:10

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-10850"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-01T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",
  "id": "GHSA-v8xq-v2w7-r84c",
  "modified": "2022-05-13T01:10:41Z",
  "published": "2022-05-13T01:10:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10850"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN09769017/index.html"
    },
    {
      "type": "WEB",
      "url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2017-10850

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-10850

Aliases

CVE-2017-10850

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-10850",
    "description": "Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",
    "id": "GSD-2017-10850"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-10850"
      ],
      "details": "Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",
      "id": "GSD-2017-10850",
      "modified": "2023-12-13T01:21:14.327929Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2017-10850",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Installer of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Timestamp of code signing is before 12 Apr 2017 02:04 UTC"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Installer of ART EX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Timestamp of code signing is before 12 Apr 2017 02:04 UTC"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Timestamp of code signing is before 12 Apr 2017 02:10 UTC"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Timestamp of code signing is before 12 Apr 2017 02:10 UTC"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Installer of XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Timestamp of code signing is before 3 Nov 2017 23:48 UTC"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Installer of XPS Print Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Timestamp of code signing is before 3 Nov 2017 23:48 UTC"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Installer of ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Timestamp of code signing is before 26 May 2017 07:44 UTC"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Installer of ART EX Direct FAX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Timestamp of code signing is before 26 May 2017 07:44 UTC"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Installer of Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Timestamp of code signing is before 25 Aug 2015 08:51 UTC"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Installer of Setting Restore Tool for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Timestamp of code signing is before 25 Aug 2015 08:51 UTC"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fuji Xerox Co.,Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Untrusted search path vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#09769017",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN09769017/index.html"
          },
          {
            "name": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html",
            "refsource": "CONFIRM",
            "url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fujifilm:apeosport-vi:c2271:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujifilm:apeosport-vi:c3371:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujifilm:apeosport-vi:c4471:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujifilm:apeosport-vi:c5571:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujifilm:apeosport-vi:c6671:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujifilm:apeosport-vi:c7771:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fujifilm:docucentre-vi:c2271:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujifilm:docucentre-vi:c3371:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujifilm:docucentre-vi:c4471:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujifilm:docucentre-vi:c5571:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujifilm:docucentre-vi:c6671:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujifilm:docucentre-vi:c7771:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-10850"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-426"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#09769017",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://jvn.jp/en/jp/JVN09769017/index.html"
            },
            {
              "name": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-04-23T13:16Z",
      "publishedDate": "2017-09-01T14:29Z"
    }
  }
}

cnvd-2017-30714

Vulnerability from cnvd

Title

多款Fuji Xerox产品安装程序不受信任搜索路径漏洞

Description

Fuji Xerox DocuCentre-VI和ApeosPort-VI是数码复合机PCL打印驱动。多款Fuji Xerox产品安装程序存在不受信任搜索路径漏洞。允许攻击者通过在一个未知的木马DLL目录，获得特权。

Severity

高

Patch Name

多款Fuji Xerox产品安装程序不受信任搜索路径漏洞的补丁

Patch Description

Fuji Xerox DocuCentre-VI和ApeosPort-VI是数码复合机PCL打印驱动。多款Fuji Xerox产品安装程序存在不受信任搜索路径漏洞。允许攻击者通过在一个未知的木马DLL目录，获得特权。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： http://jvn.jp/en/jp/JVN09769017/index.html

Reference

http://jvn.jp/en/jp/JVN09769017/index.html

Impacted products

Name
['Fuji Xerox Co.,Ltd. DocuCentre-VI c2271', 'Fuji Xerox Co.,Ltd. DocuCentre-VI c3371', 'Fuji Xerox Co.,Ltd. DocuCentre-VI c4471', 'Fuji Xerox Co.,Ltd. DocuCentre-VI c5571', 'Fuji Xerox Co.,Ltd. DocuCentre-VI c6671', 'Fuji Xerox Co.,Ltd. DocuCentre-VI c7771', 'Fuji Xerox Co.,Ltd. ApeosPort-VI c2271', 'Fuji Xerox Co.,Ltd. ApeosPort-VI c3371', 'Fuji Xerox Co.,Ltd. ApeosPort-VI c4471', 'Fuji Xerox Co.,Ltd. ApeosPort-VI c5571', 'Fuji Xerox Co.,Ltd. ApeosPort-VI c6671', 'Fuji Xerox Co.,Ltd. ApeosPort-VI c7771']

Name

['Fuji Xerox Co.,Ltd. DocuCentre-VI c2271', 'Fuji Xerox Co.,Ltd. DocuCentre-VI c3371', 'Fuji Xerox Co.,Ltd. DocuCentre-VI c4471', 'Fuji Xerox Co.,Ltd. DocuCentre-VI c5571', 'Fuji Xerox Co.,Ltd. DocuCentre-VI c6671', 'Fuji Xerox Co.,Ltd. DocuCentre-VI c7771', 'Fuji Xerox Co.,Ltd. ApeosPort-VI c2271', 'Fuji Xerox Co.,Ltd. ApeosPort-VI c3371', 'Fuji Xerox Co.,Ltd. ApeosPort-VI c4471', 'Fuji Xerox Co.,Ltd. ApeosPort-VI c5571', 'Fuji Xerox Co.,Ltd. ApeosPort-VI c6671', 'Fuji Xerox Co.,Ltd. ApeosPort-VI c7771']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-10850"
    }
  },
  "description": "Fuji Xerox DocuCentre-VI\u548cApeosPort-VI\u662f\u6570\u7801\u590d\u5408\u673aPCL\u6253\u5370\u9a71\u52a8\u3002\r\n\r\n\u591a\u6b3eFuji Xerox\u4ea7\u54c1\u5b89\u88c5\u7a0b\u5e8f\u5b58\u5728\u4e0d\u53d7\u4fe1\u4efb\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7\u5728\u4e00\u4e2a\u672a\u77e5\u7684\u6728\u9a6cDLL\u76ee\u5f55\uff0c\u83b7\u5f97\u7279\u6743\u3002",
  "discovererName": "Eili Masami of Tachibana Lab.",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://jvn.jp/en/jp/JVN09769017/index.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-30714",
  "openTime": "2017-10-19",
  "patchDescription": "Fuji Xerox DocuCentre-VI\u548cApeosPort-VI\u662f\u6570\u7801\u590d\u5408\u673aPCL\u6253\u5370\u9a71\u52a8\u3002\r\n\r\n\u591a\u6b3eFuji Xerox\u4ea7\u54c1\u5b89\u88c5\u7a0b\u5e8f\u5b58\u5728\u4e0d\u53d7\u4fe1\u4efb\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7\u5728\u4e00\u4e2a\u672a\u77e5\u7684\u6728\u9a6cDLL\u76ee\u5f55\uff0c\u83b7\u5f97\u7279\u6743\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eFuji Xerox\u4ea7\u54c1\u5b89\u88c5\u7a0b\u5e8f\u4e0d\u53d7\u4fe1\u4efb\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Fuji Xerox Co.,Ltd. DocuCentre-VI c2271",
      "Fuji Xerox Co.,Ltd. DocuCentre-VI c3371",
      "Fuji Xerox Co.,Ltd. DocuCentre-VI c4471",
      "Fuji Xerox Co.,Ltd. DocuCentre-VI c5571",
      "Fuji Xerox Co.,Ltd. DocuCentre-VI c6671",
      "Fuji Xerox Co.,Ltd. DocuCentre-VI c7771",
      "Fuji Xerox Co.,Ltd. ApeosPort-VI c2271",
      "Fuji Xerox Co.,Ltd. ApeosPort-VI c3371",
      "Fuji Xerox Co.,Ltd. ApeosPort-VI c4471",
      "Fuji Xerox Co.,Ltd. ApeosPort-VI c5571",
      "Fuji Xerox Co.,Ltd. ApeosPort-VI c6671",
      "Fuji Xerox Co.,Ltd. ApeosPort-VI c7771"
    ]
  },
  "referenceLink": "http://jvn.jp/en/jp/JVN09769017/index.html",
  "serverity": "\u9ad8",
  "submitTime": "2017-08-31",
  "title": "\u591a\u6b3eFuji Xerox\u4ea7\u54c1\u5b89\u88c5\u7a0b\u5e8f\u4e0d\u53d7\u4fe1\u4efb\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e"
}

var-201709-0219

Vulnerability from variot

Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Installers for multiple products provided by Fuji Xerox Co., Ltd. DocuWorks For self-extracting documents, DLL There is a problem with the search path when reading or executing a self-extracting document, which is unintended. DLL Reading vulnerability (CWE-427) Exists. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Tachibana Research Institute Hidetoshi Masami MrThe expected impact depends on each vulnerability, but it may be affected as follows. -Arbitrary code is executed with administrator privileges when the installer is started. - CVE-2017-10848, CVE-2017-10850, CVE-2017-10851 ・ DocuWorks Arbitrary code is executed with the authority of the user who executed the self-extracting document - CVE-2017-10849. FujiXeroxDocuCentre-VI and ApeosPort-VI are digital copier PCL print drivers. There are several untrusted search path vulnerabilities in the FujiXerox product installer. Allows an attacker to gain privileges by logging in an unknown Trojan DLL directory

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0219",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "apeosport-vi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujifilm",
        "version": "c4471"
      },
      {
        "model": "apeosport-vi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujifilm",
        "version": "c2271"
      },
      {
        "model": "docucentre-vi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujifilm",
        "version": "c6671"
      },
      {
        "model": "apeosport-vi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujifilm",
        "version": "c7771"
      },
      {
        "model": "docucentre-vi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujifilm",
        "version": "c2271"
      },
      {
        "model": "apeosport-vi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujifilm",
        "version": "c5571"
      },
      {
        "model": "apeosport-vi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujifilm",
        "version": "c3371"
      },
      {
        "model": "docucentre-vi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujifilm",
        "version": "c4471"
      },
      {
        "model": "docucentre-vi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujifilm",
        "version": "c7771"
      },
      {
        "model": "apeosport-vi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujifilm",
        "version": "c6671"
      },
      {
        "model": "docucentre-vi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujifilm",
        "version": "c5571"
      },
      {
        "model": "docucentre-vi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujifilm",
        "version": "c3371"
      },
      {
        "model": "contentsbridge utility",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "docuworks viewer light",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "apeosport-vi",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "docucentre-vi",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
        "version": "c7771/c6671/c5571/c4471/c3371/c2271  for  art ex  driver installer  ( digitally signed time stamp is japan time  2017 year 4 moon 12 day  11:04  before )(cve-2017-10850)"
      },
      {
        "model": "docucentre-vi",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
        "version": "c7771/c6671/c5571/c4471/c3371/c2271  for  postscript  driver  microsoft pscript for  +  function addition  plugin + ppd file   installer  ( digitally signed time stamp is japan time  2017 year 4 moon 12 day  11:10  before )(cve-2017-10850)"
      },
      {
        "model": "docucentre-vi",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
        "version": "c7771/c6671/c5571/c4471/c3371/c2271  for  xps  supported driver installer  ( digitally signed time stamp is japan time  2016 year 11 moon 4 day  08:48  before )(cve-2017-10850)"
      },
      {
        "model": "docucentre-vi",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
        "version": "c7771/c6671/c5571/c4471/c3371/c2271  for  art ex direct fax driver installer ( digitally signed time stamp is japan time  2017 year 5 moon 26 day  16:44  before )(cve-2017-10850)"
      },
      {
        "model": "docucentre-vi",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
        "version": "c7771/c6671/c5571/c4471/c3371/c2271  configuration restore tool installer for  ( digitally signed time stamp is japan time  2015 year 8 moon 25 day  17:51  before )(cve-2017-10850)"
      },
      {
        "model": "xerox co.,ltd. docucentre-vi c2271",
        "scope": null,
        "trust": 0.6,
        "vendor": "fuji",
        "version": null
      },
      {
        "model": "xerox co.,ltd. docucentre-vi c3371",
        "scope": null,
        "trust": 0.6,
        "vendor": "fuji",
        "version": null
      },
      {
        "model": "xerox co.,ltd. docucentre-vi c4471",
        "scope": null,
        "trust": 0.6,
        "vendor": "fuji",
        "version": null
      },
      {
        "model": "xerox co.,ltd. docucentre-vi c5571",
        "scope": null,
        "trust": 0.6,
        "vendor": "fuji",
        "version": null
      },
      {
        "model": "xerox co.,ltd. docucentre-vi c6671",
        "scope": null,
        "trust": 0.6,
        "vendor": "fuji",
        "version": null
      },
      {
        "model": "xerox co.,ltd. docucentre-vi c7771",
        "scope": null,
        "trust": 0.6,
        "vendor": "fuji",
        "version": null
      },
      {
        "model": "xerox co.,ltd. apeosport-vi c2271",
        "scope": null,
        "trust": 0.6,
        "vendor": "fuji",
        "version": null
      },
      {
        "model": "xerox co.,ltd. apeosport-vi c3371",
        "scope": null,
        "trust": 0.6,
        "vendor": "fuji",
        "version": null
      },
      {
        "model": "xerox co.,ltd. apeosport-vi c4471",
        "scope": null,
        "trust": 0.6,
        "vendor": "fuji",
        "version": null
      },
      {
        "model": "xerox co.,ltd. apeosport-vi c5571",
        "scope": null,
        "trust": 0.6,
        "vendor": "fuji",
        "version": null
      },
      {
        "model": "xerox co.,ltd. apeosport-vi c6671",
        "scope": null,
        "trust": 0.6,
        "vendor": "fuji",
        "version": null
      },
      {
        "model": "xerox co.,ltd. apeosport-vi c7771",
        "scope": null,
        "trust": 0.6,
        "vendor": "fuji",
        "version": null
      },
      {
        "model": "docucentre-vi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fujixerox",
        "version": "c4471"
      },
      {
        "model": "docucentre-vi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fujixerox",
        "version": "c2271"
      },
      {
        "model": "docucentre-vi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fujixerox",
        "version": "c5571"
      },
      {
        "model": "apeosport-vi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fujixerox",
        "version": "c3371"
      },
      {
        "model": "docucentre-vi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fujixerox",
        "version": "c7771"
      },
      {
        "model": "apeosport-vi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fujixerox",
        "version": "c2271"
      },
      {
        "model": "apeosport-vi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fujixerox",
        "version": "c5571"
      },
      {
        "model": "docucentre-vi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fujixerox",
        "version": "c6671"
      },
      {
        "model": "apeosport-vi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fujixerox",
        "version": "c7771"
      },
      {
        "model": "docucentre-vi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fujixerox",
        "version": "c3371"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-30714"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-028"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-10850"
      }
    ]
  },
  "cve": "CVE-2017-10850",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-10850",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000219",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-30714",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2017-10850",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000219",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-10850",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2017-000219",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-30714",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-028",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-30714"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-028"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-10850"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Installers for multiple products provided by Fuji Xerox Co., Ltd. DocuWorks For self-extracting documents, DLL There is a problem with the search path when reading or executing a self-extracting document, which is unintended. DLL Reading vulnerability (CWE-427) Exists. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Tachibana Research Institute Hidetoshi Masami MrThe expected impact depends on each vulnerability, but it may be affected as follows. -Arbitrary code is executed with administrator privileges when the installer is started. - CVE-2017-10848, CVE-2017-10850, CVE-2017-10851 \u30fb DocuWorks Arbitrary code is executed with the authority of the user who executed the self-extracting document - CVE-2017-10849. FujiXeroxDocuCentre-VI and ApeosPort-VI are digital copier PCL print drivers. There are several untrusted search path vulnerabilities in the FujiXerox product installer. Allows an attacker to gain privileges by logging in an unknown Trojan DLL directory",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-10850"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000219"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-30714"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-10850",
        "trust": 3.0
      },
      {
        "db": "JVN",
        "id": "JVN09769017",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000219",
        "trust": 1.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-30714",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-028",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-30714"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-028"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-10850"
      }
    ]
  },
  "id": "VAR-201709-0219",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-30714"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-30714"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:22:25.268000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "In the software provided by us DLL About read vulnerability",
        "trust": 0.8,
        "url": "https://www.fujifilm.com/fb/company/news/notice/2017/0831_rectification_work.html"
      },
      {
        "title": "Patches for multiple FujiXerox product installers untrusted search path vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/104093"
      },
      {
        "title": "Fuji Xerox ApeosPort-VI  and DocuCentre-VI Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147283"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-30714"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-028"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-426",
        "trust": 1.0
      },
      {
        "problemtype": "Other (CWE-Other) [IPA Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000219"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-10850"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://jvn.jp/en/jp/jvn09769017/index.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/jp/jvn09769017/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/ta/jvnta91240916/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-10848"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-10849"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-10850"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-10851"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2017/jvndb-2017-000219.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-30714"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-028"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-10850"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-30714"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-028"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-10850"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-30714"
      },
      {
        "date": "2017-08-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000219"
      },
      {
        "date": "2017-09-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-028"
      },
      {
        "date": "2017-09-01T14:29:00.290000",
        "db": "NVD",
        "id": "CVE-2017-10850"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-30714"
      },
      {
        "date": "2021-04-12T04:30:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000219"
      },
      {
        "date": "2021-04-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-028"
      },
      {
        "date": "2024-11-21T03:06:37.827000",
        "db": "NVD",
        "id": "CVE-2017-10850"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-028"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In multiple products manufactured by Fuji Xerox Co., Ltd. \u00a0DLL\u00a0 Read vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000219"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-028"
      }
    ],
    "trust": 0.6
  }
}

CVE-2017-10850

Vulnerability from jvndb

Published

2017-08-31 16:35

Modified

2021-04-12 13:30

Severity ?

7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Multiple Fuji Xerox products may insecurely load Dynamic Link Libraries

Details

Installers of multiple products, and DocuWorks self-extracting documents provided by Fuji Xerox Co.,Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN09769017/index.html
	JVN	https://jvn.jp/en/ta/JVNTA91240916/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10848
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10849
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10850
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10851
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-10848
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-10849
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-10850
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-10851
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)	ContentsBridge Utility
	FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)	DocuWorks
	FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)	DocuWorks Viewer Light
	FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)	ApeosPort-VI
	FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)	DocuCentre-VI

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000219.html",
  "dc:date": "2021-04-12T13:30+09:00",
  "dcterms:issued": "2017-08-31T16:35+09:00",
  "dcterms:modified": "2021-04-12T13:30+09:00",
  "description": "Installers of multiple products, and DocuWorks self-extracting documents provided by Fuji Xerox Co.,Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000219.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:fuji_xerox:contentsbridge_utility",
      "@product": "ContentsBridge Utility",
      "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fuji_xerox:docuworks",
      "@product": "DocuWorks",
      "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fuji_xerox:docuworks_viewer_light",
      "@product": "DocuWorks Viewer Light",
      "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:fuji_xerox:apeosport-vi",
      "@product": "ApeosPort-VI",
      "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:fuji_xerox:docucentre-vi",
      "@product": "DocuCentre-VI",
      "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000219",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN09769017/index.html",
      "@id": "JVN#09769017",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10848",
      "@id": "CVE-2017-10848",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10849",
      "@id": "CVE-2017-10849",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10850",
      "@id": "CVE-2017-10850",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10851",
      "@id": "CVE-2017-10851",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10848",
      "@id": "CVE-2017-10848",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10849",
      "@id": "CVE-2017-10849",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10850",
      "@id": "CVE-2017-10850",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10851",
      "@id": "CVE-2017-10851",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple Fuji Xerox products may insecurely load Dynamic Link Libraries"
}

fkie_cve-2017-10850

Vulnerability from fkie_nvd

Published

2017-09-01 14:29

Modified

2025-04-20 01:37

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html	Vendor Advisory
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN09769017/index.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN09769017/index.html	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
fujifilm	apeosport-vi	c2271
fujifilm	apeosport-vi	c3371
fujifilm	apeosport-vi	c4471
fujifilm	apeosport-vi	c5571
fujifilm	apeosport-vi	c6671
fujifilm	apeosport-vi	c7771
fujifilm	docucentre-vi	c2271
fujifilm	docucentre-vi	c3371
fujifilm	docucentre-vi	c4471
fujifilm	docucentre-vi	c5571
fujifilm	docucentre-vi	c6671
fujifilm	docucentre-vi	c7771

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fujifilm:apeosport-vi:c2271:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FBA07D9-E4B8-42E9-BA2B-9EC1A2618524",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujifilm:apeosport-vi:c3371:*:*:*:*:*:*:*",
              "matchCriteriaId": "F45F8CC7-1945-4828-87D0-6056075D11D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujifilm:apeosport-vi:c4471:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7D6C68A-8B63-441E-9ED3-CE7FE854D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujifilm:apeosport-vi:c5571:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8E8F80-B567-4386-9563-F5774B57738D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujifilm:apeosport-vi:c6671:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DEB232-7CC1-49D1-9097-617C4C8D7E1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujifilm:apeosport-vi:c7771:*:*:*:*:*:*:*",
              "matchCriteriaId": "5709EB00-593F-4B82-9DB9-DF68C24CD6E9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fujifilm:docucentre-vi:c2271:*:*:*:*:*:*:*",
              "matchCriteriaId": "80B77A6D-6B3B-43C9-A119-0EE0806EE6CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujifilm:docucentre-vi:c3371:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA19720-37CD-4C00-89FC-EC26E11CE375",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujifilm:docucentre-vi:c4471:*:*:*:*:*:*:*",
              "matchCriteriaId": "219EF658-013B-44D6-A338-9F45B96898E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujifilm:docucentre-vi:c5571:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D7C9A55-D9E2-4DA9-9739-6CF1DCAC5011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujifilm:docucentre-vi:c6671:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B00442C-5B00-4BDB-9B7F-C52768E9A97A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujifilm:docucentre-vi:c7771:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AB1978C-5209-4655-9856-C94B22914C0B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo ruta de b\u00fasqueda no confiable en los instaladores del controlador ART EX para ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (la marca de tiempo de la firma de c\u00f3digo es anterior al 12 de abril de 2017, 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (la marca de tiempo de la firma de c\u00f3digo es anterior al 12 de abril de 2017, 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (la marca de tiempo de la firma de c\u00f3digo es anterior al 3 de noviembre de 2017, 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (la marca de tiempo de la firma de c\u00f3digo es anterior al 26 de mayo de 2017, 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (la marca de tiempo de la firma de c\u00f3digo es anterior al 25 de agosto de 2015, 08:51 UTC.) permite que un atacante consiga privilegios utilizando un archivo DLL troyano en un directorio no especificado."
    }
  ],
  "id": "CVE-2017-10850",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-01T14:29:00.290",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN09769017/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN09769017/index.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-10850 (GCVE-0-2017-10850)

Vulnerability from cvelistv5

ghsa-v8xq-v2w7-r84c

Vulnerability from github

gsd-2017-10850

Vulnerability from gsd

cnvd-2017-30714

Vulnerability from cnvd

var-201709-0219

Vulnerability from variot

CVE-2017-10850

Vulnerability from jvndb

fkie_cve-2017-10850

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature