CVE-2017-10850

Summary

CVE	CVE-2017-10850
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-09-01 14:29:00 UTC
Updated	2021-04-23 13:16:00 UTC
Description	Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Risk And Classification

Problem Types: CWE-426

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Fujifilm	Apeosport-vi	c2271	All	All	All
Application	Fujifilm	Apeosport-vi	c3371	All	All	All
Application	Fujifilm	Apeosport-vi	c4471	All	All	All
Application	Fujifilm	Apeosport-vi	c5571	All	All	All
Application	Fujifilm	Apeosport-vi	c6671	All	All	All
Application	Fujifilm	Apeosport-vi	c7771	All	All	All
Application	Fujifilm	Docucentre-vi	c2271	All	All	All
Application	Fujifilm	Docucentre-vi	c3371	All	All	All
Application	Fujifilm	Docucentre-vi	c4471	All	All	All
Application	Fujifilm	Docucentre-vi	c5571	All	All	All
Application	Fujifilm	Docucentre-vi	c6671	All	All	All
Application	Fujifilm	Docucentre-vi	c7771	All	All	All
Application	Fujixerox	Apeosport-vi	c2271	All	All	All
Application	Fujixerox	Apeosport-vi	c3371	All	All	All
Application	Fujixerox	Apeosport-vi	c4471	All	All	All
Application	Fujixerox	Apeosport-vi	c5571	All	All	All
Application	Fujixerox	Apeosport-vi	c6671	All	All	All
Application	Fujixerox	Apeosport-vi	c7771	All	All	All
Application	Fujixerox	Apeosport-vi	c2271	All	All	All
Application	Fujixerox	Apeosport-vi	c3371	All	All	All
Application	Fujixerox	Apeosport-vi	c4471	All	All	All
Application	Fujixerox	Apeosport-vi	c5571	All	All	All
Application	Fujixerox	Apeosport-vi	c6671	All	All	All
Application	Fujixerox	Apeosport-vi	c7771	All	All	All
Application	Fujixerox	Docucentre-vi	c2271	All	All	All
Application	Fujixerox	Docucentre-vi	c3371	All	All	All
Application	Fujixerox	Docucentre-vi	c4471	All	All	All
Application	Fujixerox	Docucentre-vi	c5571	All	All	All
Application	Fujixerox	Docucentre-vi	c6671	All	All	All
Application	Fujixerox	Docucentre-vi	c7771	All	All	All
Application	Fujixerox	Docucentre-vi	c2271	All	All	All
Application	Fujixerox	Docucentre-vi	c3371	All	All	All
Application	Fujixerox	Docucentre-vi	c4471	All	All	All
Application	Fujixerox	Docucentre-vi	c5571	All	All	All
Application	Fujixerox	Docucentre-vi	c6671	All	All	All
Application	Fujixerox	Docucentre-vi	c7771	All	All	All

References

Reference	Source	Link	Tags
JVN#09769017: Multiple Fuji Xerox products may insecurely load Dynamic Link Libraries	JVN	jvn.jp	Third Party Advisory, VDB Entry
弊社提供ソフトウェアにおけるDLL読込みに関する脆弱性について : 企業情報 : 富士ゼロックス	CONFIRM	www.fujixerox.co.jp	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.