[Japanese]

JVNDB-2017-000219

Multiple Fuji Xerox products may insecurely load Dynamic Link Libraries

Overview

Installers of multiple products, and DocuWorks self-extracting documents provided by Fuji Xerox Co.,Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).

Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 6.8 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

CVSS V3 Severity:
Base Metrics: 7.8 (High) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


Fuji Xerox Co., Ltd.
  • ContentsBridge Utility for Windows (Installer) 7.4.0 and earlier (CVE-2017-10851)
  • DocuWorks (Installer) 8.0.7 and earlier (CVE-2017-10848)
  • DocuWorks 8.0.7 and earlier (Documents generated by Self-extracting) (CVE-2017-10849)
  • DocuWorks Viewer Light (Installer) published in Jul 2017 and earlier (CVE-2017-10848)
  • ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 (Installer of ART EX Direct FAX Driver) (Timestamp of code signing is before 26 May 2017 07:44 UTC.) (CVE-2017-10850)
  • ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 (Installer of ART EX Driver) (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.) (CVE-2017-10850)
  • ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 (Installer of Setting Restore Tool) (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) (CVE-2017-10850)
  • ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 (Installer of XPS Print Driver) (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.) (CVE-2017-10850)
  • ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 (Installer of PostScript Driver + Additional Feature Plug-in + PPD File) (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.) (CVE-2017-10850)
  • DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Installer of ART EX Direct FAX Driver) (Timestamp of code signing is before 26 May 2017 07:44 UTC.) (CVE-2017-10850)
  • DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Installer of ART EX Driver) (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.) (CVE-2017-10850)
  • DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Installer of Setting Restore Tool) (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) (CVE-2017-10850)
  • DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Installer of XPS Print Driver) (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.) (CVE-2017-10850)
  • DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Installer of PostScript Driver + Additional Feature Plug-in + PPD File) (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.) (CVE-2017-10850)

Impact

* Arbitrary code may be executed with the privilege of the administrative user invoking the installer - CVE-2017-10848, CVE-2017-10850, CVE-2017-10851
* Arbitrary code may be executed with the privilege of the user invoking the self-extracting document generated by DocuWorks - CVE-2017-10849
Solution

CVE-2017-10848, CVE-2017-10850, CVE-2017-10851
[Use the latest installer]
Use the latest installer according to the information provided by the developer.

CVE-2017-10849
[Update the Software]
Update to the latest version according to the information provided by the developer.

[Apply a Workaround]
The self-extracting document generator function is not included in the latest version of the software.
When invoking the DocuWorks self-extracting document file, place the document (.exe) file in a newly created empty folder.
For more information, refer to the information provided by the developer.
Vendor Information

Fuji Xerox Co., Ltd.
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2017-10848
  2. CVE-2017-10849
  3. CVE-2017-10850
  4. CVE-2017-10851
References

  1. JVN : JVN#09769017
  2. JVN : JVNTA#91240916
Revision History

[2017/08/31]
  Web page was published