CVE-2017-10850

Name of the Vulnerable Software and Affected Versions ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 versions prior to 12 Apr 2017 02:04 UTC DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 versions prior to 12 Apr 2017 02:04 UTC PostScript Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 versions prior to 12 Apr 2017 02:10 UTC PostScript Driver + Additional Feature Plug-in + PPD File for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 versions prior to 12 Apr 2017 02:10 UTC XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 versions prior to 3 Nov 2017 23:48 UTC XPS Print Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 versions prior to 3 Nov 2017 23:48 UTC ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 versions prior to 26 May 2017 07:44 UTC ART EX Direct FAX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 versions prior to 26 May 2017 07:44 UTC Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 versions prior to 25 Aug 2015 08:51 UTC Setting Restore Tool for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 versions prior to 25 Aug 2015 08:51 UTC

Description The issue is related to an untrusted search path vulnerability in the installers of certain drivers and tools for ApeosPort-VI and DocuCentre-VI models. This vulnerability allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Recommendations For ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 versions prior to 12 Apr 2017 02:04 UTC, update to a version signed after 12 Apr 2017 02:04 UTC. For DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 versions prior to 12 Apr 2017 02:04 UTC, update to a version signed after 12 Apr 2017 02:04 UTC. For PostScript Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 versions prior to 12 Apr 2017 02:10 UTC, update to a version signed after 12 Apr 2017 02:10 UTC. For PostScript Driver + Additional Feature Plug-in + PPD File for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 versions prior to 12 Apr 2017 02:10 UTC, update to a version signed after 12 Apr 2017 02:10 UTC. For XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 versions prior to 3 Nov 2017 23:48 UTC, update to a version signed after 3 Nov 2017 23:48 UTC. For XPS Print Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 versions prior to 3 Nov 2017 23:48 UTC, update to a version signed after 3 Nov 2017 23:48 UTC. For ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 versions prior to 26 May 2017 07:44 UTC, update to a version signed after 26 May 2017 07:44 UTC. For ART EX Direct FAX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 versions prior to 26 May 2017 07:44 UTC, update to a version signed after 26 May 2017 07:44 UTC. For Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 versions prior to 25 Aug 2015 08:51 UTC, update to a version signed after 25 Aug 2015 08:51 UTC. For Setting Restore Tool for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 versions prior to 25 Aug 2015 08:51 UTC, update to a version signed after 25 Aug 2015 08:51 UTC.