Multiple Xerox Devices Multiple Remote Code Execution Vulnerabilities

Bugtraq ID:	52483
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 14 2012 12:00AM
Updated:	Jul 06 2016 02:33PM
Credit:	The vendor reported these issues.
Vulnerable:	Xerox WorkCentre Pro Color 3545 Xerox WorkCentre Pro Color 2636 Xerox WorkCentre Pro Color 2128 Xerox WorkCentre Pro 90 Xerox WorkCentre Pro 75 Xerox WorkCentre Pro 65 Xerox WorkCentre Pro 55 Xerox WorkCentre Pro 45 Xerox WorkCentre Pro 40 Color Xerox WorkCentre Pro 35 Xerox WorkCentre Pro 32 Color Xerox WorkCentre Pro 275 0 Xerox WorkCentre Pro 255 0 Xerox WorkCentre Pro 245 0 Xerox WorkCentre Pro 238 0 Xerox WorkCentre Pro 175 Xerox WorkCentre Pro 165 Xerox WorkCentre Pro 265 Xerox WorkCentre Pro 232 Xerox WorkCentre M55 Xerox WorkCentre M45 Xerox WorkCentre M35 Xerox WorkCentre M175 Xerox WorkCentre M165 Xerox WorkCentre Bookmark 55 Xerox WorkCentre Bookmark 40 Xerox WorkCentre 7675 0 Xerox WorkCentre 7665 0 Xerox WorkCentre 7655 0 Xerox WorkCentre M20i Xerox WorkCentre M20 Xerox WorkCentre 7775 Xerox WorkCentre 7765 Xerox WorkCentre 7755 Xerox WorkCentre 7556 Xerox WorkCentre 7545 Xerox WorkCentre 7535 Xerox WorkCentre 7530 Xerox WorkCentre 7525 Xerox WorkCentre 7435 Xerox WorkCentre 7428 Xerox WorkCentre 7425 Xerox WorkCentre 7346 Xerox WorkCentre 7345 Xerox WorkCentre 7335 Xerox WorkCentre 7328 Xerox WorkCentre 7245 Xerox WorkCentre 7242 Xerox WorkCentre 7235 Xerox WorkCentre 7232 Xerox WorkCentre 7228 Xerox WorkCentre 7132 Xerox WorkCentre 7125 Xerox WorkCentre 7120 Xerox WorkCentre 6400 Xerox WorkCentre 5675 Xerox WorkCentre 5665 Xerox WorkCentre 5655 Xerox WorkCentre 5645 Xerox WorkCentre 5638 Xerox WorkCentre 5632 Xerox WorkCentre 5335 Xerox WorkCentre 5330 Xerox WorkCentre 5325 Xerox WorkCentre 5230 Xerox WorkCentre 5225 Xerox WorkCentre 5222 Xerox WorkCentre 5150 Xerox WorkCentre 5135 Xerox WorkCentre 5050 Xerox WorkCentre 5030 Xerox WorkCentre 4260 Xerox WorkCentre 4250 Xerox WorkCentre 4150 Xerox WorkCentre 4118 Xerox WorkCentre 3550 Xerox WorkCentre 3220 Xerox WorkCentre 3210 Xerox Phaser 8860MFP 0 Xerox Phaser 8860 0 Xerox Phaser 8560MFP 0 Xerox Phaser 8560 0 Xerox Phaser 8550 0 Xerox Phaser 7800 0 Xerox Phaser 7760 0 Xerox Phaser 7500 0 Xerox Phaser 7400 0 Xerox Phaser 6360 0 Xerox Phaser 6350 0 Xerox Phaser 5550 0 Xerox Phaser 4620 0 Xerox Phaser 4600 0 Xerox Phaser 4510 0 Xerox Phaser 3635MFP 0 Xerox Phaser 3600 0 Xerox Phaser 3435 0 Xerox Phaser 3300MFP 0 Xerox Phaser 3250 0 Xerox Phaser 3160N 0 Xerox ColorQube 9303 Xerox ColorQube 9302 Xerox ColorQube 9301 Xerox ColorQube 9203 Xerox ColorQube 9202 Xerox ColorQube 9201 Xerox ColorQube 8870 Xerox ColorQube 8570
Not Vulnerable:

Multiple Xerox Devices Multiple Remote Code Execution Vulnerabilities

Multiple Xerox devices are prone to multiple remote code-execution vulnerabilities.

An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Successful exploitation can completely compromise the vulnerable device.

Multiple Xerox Devices Multiple Remote Code Execution Vulnerabilities

The following metasploit module is available:

• /data/vulnerabilities/exploits/52483.rb

Multiple Xerox Devices Multiple Remote Code Execution Vulnerabilities

Solution:
The vendor has released updates. Please see the references for more information.

Multiple Xerox Devices Multiple Remote Code Execution Vulnerabilities

References:

• Attacking Xerox's Multifunctional Printers Patch Process (Foofus)
  
• Xerox Homepage (Xerox)
  
• Xerox Multifunction Printers (MFP) "Patch" DLM Vulnerability (Rapid7)
  
• Xerox Phaser 6700 - Remote Root-Exploits utilizing Clone Files (Raphael Ernst)
  
• Xerox Security Bulletin XRX12-003 Address Postscript and DLM Vulnerabilities (Xerox)