Search criteria
4 vulnerabilities found for docucentre-vi by fujifilm
VAR-201709-0219
Vulnerability from variot - Updated: 2023-12-18 12:29Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Installers for multiple products provided by Fuji Xerox Co., Ltd. DocuWorks For self-extracting documents, DLL There is a problem with the search path when reading or executing a self-extracting document, which is unintended. DLL Reading vulnerability (CWE-427) Exists. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Tachibana Research Institute Hidetoshi Masami MrThe expected impact depends on each vulnerability, but it may be affected as follows. -Arbitrary code is executed with administrator privileges when the installer is started. - CVE-2017-10848, CVE-2017-10850, CVE-2017-10851 ・ DocuWorks Arbitrary code is executed with the authority of the user who executed the self-extracting document - CVE-2017-10849. FujiXeroxDocuCentre-VI and ApeosPort-VI are digital copier PCL print drivers. There are several untrusted search path vulnerabilities in the FujiXerox product installer. Allows an attacker to gain privileges by logging in an unknown Trojan DLL directory
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0219",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c6671"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c3371"
},
{
"model": "apeosport-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c4471"
},
{
"model": "apeosport-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c7771"
},
{
"model": "apeosport-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c2271"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c4471"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c7771"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c2271"
},
{
"model": "apeosport-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c5571"
},
{
"model": "apeosport-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c6671"
},
{
"model": "apeosport-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c3371"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c5571"
},
{
"model": "contentsbridge utility",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "docuworks viewer light",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "apeosport-vi",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "c7771/c6671/c5571/c4471/c3371/c2271 for art ex driver installer ( digitally signed time stamp is japan time 2017 year 4 moon 12 day 11:04 before )(cve-2017-10850)"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "c7771/c6671/c5571/c4471/c3371/c2271 for postscript driver microsoft pscript for + function addition plugin + ppd file installer ( digitally signed time stamp is japan time 2017 year 4 moon 12 day 11:10 before )(cve-2017-10850)"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "c7771/c6671/c5571/c4471/c3371/c2271 for xps supported driver installer ( digitally signed time stamp is japan time 2016 year 11 moon 4 day 08:48 before )(cve-2017-10850)"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "c7771/c6671/c5571/c4471/c3371/c2271 for art ex direct fax driver installer ( digitally signed time stamp is japan time 2017 year 5 moon 26 day 16:44 before )(cve-2017-10850)"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "c7771/c6671/c5571/c4471/c3371/c2271 configuration restore tool installer for ( digitally signed time stamp is japan time 2015 year 8 moon 25 day 17:51 before )(cve-2017-10850)"
},
{
"model": "xerox co.,ltd. docucentre-vi c2271",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. docucentre-vi c3371",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. docucentre-vi c4471",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. docucentre-vi c5571",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. docucentre-vi c6671",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. docucentre-vi c7771",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. apeosport-vi c2271",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. apeosport-vi c3371",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. apeosport-vi c4471",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. apeosport-vi c5571",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. apeosport-vi c6671",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. apeosport-vi c7771",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.6,
"vendor": "fujixerox",
"version": "c4471"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.6,
"vendor": "fujixerox",
"version": "c2271"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.6,
"vendor": "fujixerox",
"version": "c5571"
},
{
"model": "apeosport-vi",
"scope": "eq",
"trust": 0.6,
"vendor": "fujixerox",
"version": "c3371"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.6,
"vendor": "fujixerox",
"version": "c7771"
},
{
"model": "apeosport-vi",
"scope": "eq",
"trust": 0.6,
"vendor": "fujixerox",
"version": "c2271"
},
{
"model": "apeosport-vi",
"scope": "eq",
"trust": 0.6,
"vendor": "fujixerox",
"version": "c5571"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.6,
"vendor": "fujixerox",
"version": "c6671"
},
{
"model": "apeosport-vi",
"scope": "eq",
"trust": 0.6,
"vendor": "fujixerox",
"version": "c7771"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.6,
"vendor": "fujixerox",
"version": "c3371"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000219"
},
{
"db": "NVD",
"id": "CVE-2017-10850"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-028"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fujifilm:apeosport-vi:c2271:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujifilm:apeosport-vi:c3371:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujifilm:apeosport-vi:c4471:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujifilm:apeosport-vi:c5571:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujifilm:apeosport-vi:c6671:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujifilm:apeosport-vi:c7771:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fujifilm:docucentre-vi:c2271:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujifilm:docucentre-vi:c3371:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujifilm:docucentre-vi:c4471:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujifilm:docucentre-vi:c5571:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujifilm:docucentre-vi:c6671:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujifilm:docucentre-vi:c7771:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10850"
}
]
},
"cve": "CVE-2017-10850",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000219",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-30714",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000219",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-10850",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000219",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-30714",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-028",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000219"
},
{
"db": "NVD",
"id": "CVE-2017-10850"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-028"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Installers for multiple products provided by Fuji Xerox Co., Ltd. DocuWorks For self-extracting documents, DLL There is a problem with the search path when reading or executing a self-extracting document, which is unintended. DLL Reading vulnerability (CWE-427) Exists. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Tachibana Research Institute Hidetoshi Masami MrThe expected impact depends on each vulnerability, but it may be affected as follows. -Arbitrary code is executed with administrator privileges when the installer is started. - CVE-2017-10848, CVE-2017-10850, CVE-2017-10851 \u30fb DocuWorks Arbitrary code is executed with the authority of the user who executed the self-extracting document - CVE-2017-10849. FujiXeroxDocuCentre-VI and ApeosPort-VI are digital copier PCL print drivers. There are several untrusted search path vulnerabilities in the FujiXerox product installer. Allows an attacker to gain privileges by logging in an unknown Trojan DLL directory",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10850"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000219"
},
{
"db": "CNVD",
"id": "CNVD-2017-30714"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-10850",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVN09769017",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000219",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2017-30714",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201709-028",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000219"
},
{
"db": "NVD",
"id": "CVE-2017-10850"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-028"
}
]
},
"id": "VAR-201709-0219",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30714"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30714"
}
]
},
"last_update_date": "2023-12-18T12:29:28.607000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "In the software provided by us DLL About read vulnerability",
"trust": 0.8,
"url": "https://www.fujifilm.com/fb/company/news/notice/2017/0831_rectification_work.html"
},
{
"title": "Patches for multiple FujiXerox product installers untrusted search path vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/104093"
},
{
"title": "Fuji Xerox ApeosPort-VI and DocuCentre-VI Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=147283"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000219"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-028"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-426",
"trust": 1.0
},
{
"problemtype": "Other (CWE-Other) [IPA Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000219"
},
{
"db": "NVD",
"id": "CVE-2017-10850"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://jvn.jp/en/jp/jvn09769017/index.html"
},
{
"trust": 1.6,
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn09769017/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/ta/jvnta91240916/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10848"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10849"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10850"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10851"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2017/jvndb-2017-000219.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000219"
},
{
"db": "NVD",
"id": "CVE-2017-10850"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-028"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-30714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000219"
},
{
"db": "NVD",
"id": "CVE-2017-10850"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-028"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30714"
},
{
"date": "2017-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000219"
},
{
"date": "2017-09-01T14:29:00.290000",
"db": "NVD",
"id": "CVE-2017-10850"
},
{
"date": "2017-09-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-028"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30714"
},
{
"date": "2021-04-12T04:30:00",
"db": "JVNDB",
"id": "JVNDB-2017-000219"
},
{
"date": "2021-04-23T13:16:33.070000",
"db": "NVD",
"id": "CVE-2017-10850"
},
{
"date": "2021-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-028"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-028"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In multiple products manufactured by Fuji Xerox Co., Ltd. \u00a0DLL\u00a0 Read vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000219"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-028"
}
],
"trust": 0.6
}
}
FKIE_CVE-2017-10850
Vulnerability from fkie_nvd - Published: 2017-09-01 14:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN09769017/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN09769017/index.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fujifilm | apeosport-vi | c2271 | |
| fujifilm | apeosport-vi | c3371 | |
| fujifilm | apeosport-vi | c4471 | |
| fujifilm | apeosport-vi | c5571 | |
| fujifilm | apeosport-vi | c6671 | |
| fujifilm | apeosport-vi | c7771 | |
| fujifilm | docucentre-vi | c2271 | |
| fujifilm | docucentre-vi | c3371 | |
| fujifilm | docucentre-vi | c4471 | |
| fujifilm | docucentre-vi | c5571 | |
| fujifilm | docucentre-vi | c6671 | |
| fujifilm | docucentre-vi | c7771 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujifilm:apeosport-vi:c2271:*:*:*:*:*:*:*",
"matchCriteriaId": "4FBA07D9-E4B8-42E9-BA2B-9EC1A2618524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fujifilm:apeosport-vi:c3371:*:*:*:*:*:*:*",
"matchCriteriaId": "F45F8CC7-1945-4828-87D0-6056075D11D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fujifilm:apeosport-vi:c4471:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D6C68A-8B63-441E-9ED3-CE7FE854D875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fujifilm:apeosport-vi:c5571:*:*:*:*:*:*:*",
"matchCriteriaId": "3E8E8F80-B567-4386-9563-F5774B57738D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fujifilm:apeosport-vi:c6671:*:*:*:*:*:*:*",
"matchCriteriaId": "36DEB232-7CC1-49D1-9097-617C4C8D7E1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fujifilm:apeosport-vi:c7771:*:*:*:*:*:*:*",
"matchCriteriaId": "5709EB00-593F-4B82-9DB9-DF68C24CD6E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujifilm:docucentre-vi:c2271:*:*:*:*:*:*:*",
"matchCriteriaId": "80B77A6D-6B3B-43C9-A119-0EE0806EE6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fujifilm:docucentre-vi:c3371:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA19720-37CD-4C00-89FC-EC26E11CE375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fujifilm:docucentre-vi:c4471:*:*:*:*:*:*:*",
"matchCriteriaId": "219EF658-013B-44D6-A338-9F45B96898E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fujifilm:docucentre-vi:c5571:*:*:*:*:*:*:*",
"matchCriteriaId": "1D7C9A55-D9E2-4DA9-9739-6CF1DCAC5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fujifilm:docucentre-vi:c6671:*:*:*:*:*:*:*",
"matchCriteriaId": "4B00442C-5B00-4BDB-9B7F-C52768E9A97A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fujifilm:docucentre-vi:c7771:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB1978C-5209-4655-9856-C94B22914C0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo ruta de b\u00fasqueda no confiable en los instaladores del controlador ART EX para ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (la marca de tiempo de la firma de c\u00f3digo es anterior al 12 de abril de 2017, 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (la marca de tiempo de la firma de c\u00f3digo es anterior al 12 de abril de 2017, 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (la marca de tiempo de la firma de c\u00f3digo es anterior al 3 de noviembre de 2017, 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (la marca de tiempo de la firma de c\u00f3digo es anterior al 26 de mayo de 2017, 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (la marca de tiempo de la firma de c\u00f3digo es anterior al 25 de agosto de 2015, 08:51 UTC.) permite que un atacante consiga privilegios utilizando un archivo DLL troyano en un directorio no especificado."
}
],
"id": "CVE-2017-10850",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-01T14:29:00.290",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-10850 (GCVE-0-2017-10850)
Vulnerability from cvelistv5 – Published: 2017-09-01 14:00 – Updated: 2024-08-05 17:50
VLAI?
Summary
Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity ?
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#09769017",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installer of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 12 Apr 2017 02:04 UTC"
}
]
},
{
"product": "Installer of ART EX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 12 Apr 2017 02:04 UTC"
}
]
},
{
"product": "Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 12 Apr 2017 02:10 UTC"
}
]
},
{
"product": "Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 12 Apr 2017 02:10 UTC"
}
]
},
{
"product": "Installer of XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 3 Nov 2017 23:48 UTC"
}
]
},
{
"product": "Installer of XPS Print Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 3 Nov 2017 23:48 UTC"
}
]
},
{
"product": "Installer of ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 26 May 2017 07:44 UTC"
}
]
},
{
"product": "Installer of ART EX Direct FAX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 26 May 2017 07:44 UTC"
}
]
},
{
"product": "Installer of Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 25 Aug 2015 08:51 UTC"
}
]
},
{
"product": "Installer of Setting Restore Tool for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 25 Aug 2015 08:51 UTC"
}
]
}
],
"datePublic": "2017-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-01T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#09769017",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 12 Apr 2017 02:04 UTC"
}
]
}
},
{
"product_name": "Installer of ART EX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 12 Apr 2017 02:04 UTC"
}
]
}
},
{
"product_name": "Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 12 Apr 2017 02:10 UTC"
}
]
}
},
{
"product_name": "Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 12 Apr 2017 02:10 UTC"
}
]
}
},
{
"product_name": "Installer of XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 3 Nov 2017 23:48 UTC"
}
]
}
},
{
"product_name": "Installer of XPS Print Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 3 Nov 2017 23:48 UTC"
}
]
}
},
{
"product_name": "Installer of ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 26 May 2017 07:44 UTC"
}
]
}
},
{
"product_name": "Installer of ART EX Direct FAX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 26 May 2017 07:44 UTC"
}
]
}
},
{
"product_name": "Installer of Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 25 Aug 2015 08:51 UTC"
}
]
}
},
{
"product_name": "Installer of Setting Restore Tool for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 25 Aug 2015 08:51 UTC"
}
]
}
}
]
},
"vendor_name": "Fuji Xerox Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#09769017",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"name": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html",
"refsource": "CONFIRM",
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10850",
"datePublished": "2017-09-01T14:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10850 (GCVE-0-2017-10850)
Vulnerability from nvd – Published: 2017-09-01 14:00 – Updated: 2024-08-05 17:50
VLAI?
Summary
Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity ?
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Fuji Xerox Co.,Ltd. | Installer of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 |
Affected:
Timestamp of code signing is before 12 Apr 2017 02:04 UTC
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#09769017",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installer of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 12 Apr 2017 02:04 UTC"
}
]
},
{
"product": "Installer of ART EX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 12 Apr 2017 02:04 UTC"
}
]
},
{
"product": "Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 12 Apr 2017 02:10 UTC"
}
]
},
{
"product": "Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 12 Apr 2017 02:10 UTC"
}
]
},
{
"product": "Installer of XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 3 Nov 2017 23:48 UTC"
}
]
},
{
"product": "Installer of XPS Print Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 3 Nov 2017 23:48 UTC"
}
]
},
{
"product": "Installer of ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 26 May 2017 07:44 UTC"
}
]
},
{
"product": "Installer of ART EX Direct FAX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 26 May 2017 07:44 UTC"
}
]
},
{
"product": "Installer of Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 25 Aug 2015 08:51 UTC"
}
]
},
{
"product": "Installer of Setting Restore Tool for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 25 Aug 2015 08:51 UTC"
}
]
}
],
"datePublic": "2017-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-01T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#09769017",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 12 Apr 2017 02:04 UTC"
}
]
}
},
{
"product_name": "Installer of ART EX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 12 Apr 2017 02:04 UTC"
}
]
}
},
{
"product_name": "Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 12 Apr 2017 02:10 UTC"
}
]
}
},
{
"product_name": "Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 12 Apr 2017 02:10 UTC"
}
]
}
},
{
"product_name": "Installer of XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 3 Nov 2017 23:48 UTC"
}
]
}
},
{
"product_name": "Installer of XPS Print Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 3 Nov 2017 23:48 UTC"
}
]
}
},
{
"product_name": "Installer of ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 26 May 2017 07:44 UTC"
}
]
}
},
{
"product_name": "Installer of ART EX Direct FAX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 26 May 2017 07:44 UTC"
}
]
}
},
{
"product_name": "Installer of Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 25 Aug 2015 08:51 UTC"
}
]
}
},
{
"product_name": "Installer of Setting Restore Tool for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 25 Aug 2015 08:51 UTC"
}
]
}
}
]
},
"vendor_name": "Fuji Xerox Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#09769017",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"name": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html",
"refsource": "CONFIRM",
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10850",
"datePublished": "2017-09-01T14:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}