CVE-2017-10850
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
26.8%
Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Affected configurations
CNA Affected
[
{
"product": "Installer of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 12 Apr 2017 02:04 UTC"
}
]
},
{
"product": "Installer of ART EX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 12 Apr 2017 02:04 UTC"
}
]
},
{
"product": "Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 12 Apr 2017 02:10 UTC"
}
]
},
{
"product": "Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 12 Apr 2017 02:10 UTC"
}
]
},
{
"product": "Installer of XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 3 Nov 2017 23:48 UTC"
}
]
},
{
"product": "Installer of XPS Print Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 3 Nov 2017 23:48 UTC"
}
]
},
{
"product": "Installer of ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 26 May 2017 07:44 UTC"
}
]
},
{
"product": "Installer of ART EX Direct FAX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 26 May 2017 07:44 UTC"
}
]
},
{
"product": "Installer of Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 25 Aug 2015 08:51 UTC"
}
]
},
{
"product": "Installer of Setting Restore Tool for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "Timestamp of code signing is before 25 Aug 2015 08:51 UTC"
}
]
}
]References
Social References
More
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
26.8%