JVNDB-2017-000219

Multiple Fuji Xerox products may insecurely load Dynamic Link Libraries

Installers of multiple products, and DocuWorks self-extracting documents provided by Fuji Xerox Co.,Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).

Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Fuji Xerox Co., Ltd.

• ContentsBridge Utility for Windows (Installer) 7.4.0 and earlier (CVE-2017-10851)
• DocuWorks (Installer) 8.0.7 and earlier (CVE-2017-10848)
• DocuWorks 8.0.7 and earlier (Documents generated by Self-extracting) (CVE-2017-10849)
• DocuWorks Viewer Light (Installer) published in Jul 2017 and earlier (CVE-2017-10848)
• ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 (Installer of ART EX Direct FAX Driver) (Timestamp of code signing is before 26 May 2017 07:44 UTC.) (CVE-2017-10850)
• ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 (Installer of ART EX Driver) (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.) (CVE-2017-10850)
• ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 (Installer of Setting Restore Tool) (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) (CVE-2017-10850)
• ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 (Installer of XPS Print Driver) (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.) (CVE-2017-10850)
• ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271 (Installer of PostScript Driver + Additional Feature Plug-in + PPD File) (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.) (CVE-2017-10850)
• DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Installer of ART EX Direct FAX Driver) (Timestamp of code signing is before 26 May 2017 07:44 UTC.) (CVE-2017-10850)
• DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Installer of ART EX Driver) (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.) (CVE-2017-10850)
• DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Installer of Setting Restore Tool) (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) (CVE-2017-10850)
• DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Installer of XPS Print Driver) (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.) (CVE-2017-10850)
• DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Installer of PostScript Driver + Additional Feature Plug-in + PPD File) (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.) (CVE-2017-10850)

* Arbitrary code may be executed with the privilege of the administrative user invoking the installer - CVE-2017-10848, CVE-2017-10850, CVE-2017-10851
* Arbitrary code may be executed with the privilege of the user invoking the self-extracting document generated by DocuWorks - CVE-2017-10849

CVE-2017-10848, CVE-2017-10850, CVE-2017-10851
[Use the latest installer]
Use the latest installer according to the information provided by the developer.

CVE-2017-10849
[Update the Software]
Update to the latest version according to the information provided by the developer.

[Apply a Workaround]
The self-extracting document generator function is not included in the latest version of the software.
When invoking the DocuWorks self-extracting document file, place the document (.exe) file in a newly created empty folder.
For more information, refer to the information provided by the developer.

Fuji Xerox Co., Ltd.

• Fuji Xerox : Fuji Xerox Co.,Ltd. website (in Japanese)

1. No Mapping(CWE-Other) [IPA Evaluation]

1. CVE-2017-10848
2. CVE-2017-10849
3. CVE-2017-10850
4. CVE-2017-10851

1. JVN : JVN#09769017
2. JVN : JVNTA#91240916
3. National Vulnerability Database (NVD) : CVE-2017-10848
4. National Vulnerability Database (NVD) : CVE-2017-10849
5. National Vulnerability Database (NVD) : CVE-2017-10850
6. National Vulnerability Database (NVD) : CVE-2017-10851

• [2017/08/31]
    Web page was published
• [2018/02/28]
    References : Contents were added
• [2021/04/12]
    Vendor Information : The hyperlink URL was updated