ID

VAR-201203-0517


TITLE

Multiple Remote Code Execution Vulnerabilities in Multiple Xerox Devices

Trust: 0.6

sources: CNVD: CNVD-2012-1342

DESCRIPTION

Multiple Xerox products have multiple security vulnerabilities that allow malicious users to gain control of the device. The affected Xerox products contain an unspecified security error that allows an attacker to send a specially crafted PostScript or firmware job to execute arbitrary code. No detailed vulnerability information is currently available. An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Successful exploitation can completely compromise the vulnerable device.

TITLE: Xerox Products PostScript and DLM Vulnerabilities
SECUNIA ADVISORY ID: SA48322
VERIFY ADVISORY: http://secunia.com/advisories/48322/
RELEASE DATE: 2012-03-14
DESCRIPTION: Two vulnerabilities have been reported in multiple Xerox products, which can be exploited by malicious people to compromise a vulnerable device. Please see the vendor's advisory for the list of affected products.
SOLUTION: Apply update or workaround if available (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: The vendor credits Deral Heiland, www.foofus.net and Andrei Costin, www.andreicostin.com
ORIGINAL ADVISORY: XRX12-003: http://www.xerox.com/download/security/security-bulletin/1284332-2ddc5-4baa79b70ac40/cert_XRX12-003_v1.1.pdf

Trust: 0.9

sources: CNVD: CNVD-2012-1342 // BID: 52483 // PACKETSTORM: 110784

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-1342

AFFECTED PRODUCTS

| vendor | model | scope | version | Trust |
|---|---|---|---|---|
| xerox | colorqube | eq | 8870 | 0.9 |
| xerox | colorqube | eq | 8570 | 0.9 |
| xerox | colorqube series | eq | 9300 | 0.6 |
| xerox | colorqube series | eq | 9200 | 0.6 |
| xerox | workcentre | - | - | 0.6 |
| xerox | phaser 3160n | - | - | 0.6 |
| xerox | color | eq | 550/560 | 0.6 |
| xerox | phaser | eq | 3250 | 0.6 |
| xerox | phaser 3300mfp | - | - | 0.6 |
| xerox | phaser | eq | 3435 | 0.6 |
| xerox | phaser | eq | 3600 | 0.6 |
| xerox | phaser 3635mfp | - | - | 0.6 |
| xerox | phaser | eq | 4510 | 0.6 |
| xerox | phaser | eq | 4600/4620 | 0.6 |
| xerox | phaser | eq | 5550 | 0.6 |
| xerox | phaser | eq | 6300/6350 | 0.6 |
| xerox | phaser | eq | 6360 | 0.6 |
| xerox | phaser | eq | 6700 | 0.6 |
| xerox | phaser | eq | 7760 | 0.6 |
| xerox | phaser | eq | 7800 | 0.6 |
| xerox | phaser | eq | 8500/8550 | 0.6 |
| xerox | phaser | eq | 8560 | 0.6 |
| xerox | phaser 8560mfp | - | - | 0.6 |
| xerox | phaser | eq | 8860 | 0.6 |
| xerox | phaser 8860mfp | - | - | 0.6 |
| xerox | workcentre pro | - | - | 0.6 |
| xerox | phaser | eq | 7500 | 0.6 |
| xerox | workcentre pro color | eq | 3545 | 0.3 |
| xerox | workcentre pro color | eq | 2636 | 0.3 |
| xerox | workcentre pro color | eq | 2128 | 0.3 |
| xerox | workcentre pro | eq | 90 | 0.3 |
| xerox | workcentre pro | eq | 75 | 0.3 |
| xerox | workcentre pro | eq | 65 | 0.3 |
| xerox | workcentre pro | eq | 55 | 0.3 |
| xerox | workcentre pro | eq | 45 | 0.3 |
| xerox | workcentre pro color | eq | 40 | 0.3 |
| xerox | workcentre pro | eq | 35 | 0.3 |
| xerox | workcentre pro color | eq | 32 | 0.3 |
| xerox | workcentre pro | eq | 2750 | 0.3 |
| xerox | workcentre pro | eq | 2550 | 0.3 |
| xerox | workcentre pro | eq | 2450 | 0.3 |
| xerox | workcentre pro | eq | 2380 | 0.3 |
| xerox | workcentre pro | eq | 175 | 0.3 |
| xerox | workcentre pro | eq | 165 | 0.3 |
| xerox | workcentre pro | eq | 265 | 0.3 |
| xerox | workcentre pro | eq | 232 | 0.3 |
| xerox | workcentre m55 | - | - | 0.3 |
| xerox | workcentre m45 | - | - | 0.3 |
| xerox | workcentre m35 | - | - | 0.3 |
| xerox | workcentre m175 | - | - | 0.3 |
| xerox | workcentre m165 | - | - | 0.3 |
| xerox | workcentre bookmark | eq | 55 | 0.3 |
| xerox | workcentre bookmark | eq | 40 | 0.3 |
| xerox | workcentre | eq | 76750 | 0.3 |
| xerox | workcentre | eq | 76650 | 0.3 |
| xerox | workcentre | eq | 76550 | 0.3 |
| xerox | workcentre m20i | - | - | 0.3 |
| xerox | workcentre m20 | - | - | 0.3 |
| xerox | workcentre | eq | 7775 | 0.3 |
| xerox | workcentre | eq | 7765 | 0.3 |
| xerox | workcentre | eq | 7755 | 0.3 |
| xerox | workcentre | eq | 7556 | 0.3 |
| xerox | workcentre | eq | 7545 | 0.3 |
| xerox | workcentre | eq | 7535 | 0.3 |
| xerox | workcentre | eq | 7530 | 0.3 |
| xerox | workcentre | eq | 7525 | 0.3 |
| xerox | workcentre | eq | 7435 | 0.3 |
| xerox | workcentre | eq | 7428 | 0.3 |
| xerox | workcentre | eq | 7425 | 0.3 |
| xerox | workcentre | eq | 7346 | 0.3 |
| xerox | workcentre | eq | 7345 | 0.3 |
| xerox | workcentre | eq | 7335 | 0.3 |
| xerox | workcentre | eq | 7328 | 0.3 |
| xerox | workcentre | eq | 7245 | 0.3 |
| xerox | workcentre | eq | 7242 | 0.3 |
| xerox | workcentre | eq | 7235 | 0.3 |
| xerox | workcentre | eq | 7232 | 0.3 |
| xerox | workcentre | eq | 7228 | 0.3 |
| xerox | workcentre | eq | 7132 | 0.3 |
| xerox | workcentre | eq | 7125 | 0.3 |
| xerox | workcentre | eq | 7120 | 0.3 |
| xerox | workcentre | eq | 6400 | 0.3 |
| xerox | workcentre | eq | 5675 | 0.3 |
| xerox | workcentre | eq | 5665 | 0.3 |
| xerox | workcentre | eq | 5655 | 0.3 |
| xerox | workcentre | eq | 5645 | 0.3 |
| xerox | workcentre | eq | 5638 | 0.3 |
| xerox | workcentre | eq | 5632 | 0.3 |
| xerox | workcentre | eq | 5335 | 0.3 |
| xerox | workcentre | eq | 5330 | 0.3 |
| xerox | workcentre | eq | 5325 | 0.3 |
| xerox | workcentre | eq | 5230 | 0.3 |
| xerox | workcentre | eq | 5225 | 0.3 |
| xerox | workcentre | eq | 5222 | 0.3 |
| xerox | workcentre | eq | 5150 | 0.3 |
| xerox | workcentre | eq | 5135 | 0.3 |
| xerox | workcentre | eq | 5050 | 0.3 |
| xerox | workcentre | eq | 5030 | 0.3 |
| xerox | workcentre | eq | 4260 | 0.3 |
| xerox | workcentre | eq | 4250 | 0.3 |
| xerox | workcentre | eq | 4150 | 0.3 |
| xerox | workcentre | eq | 4118 | 0.3 |
| xerox | workcentre | eq | 3550 | 0.3 |
| xerox | workcentre | eq | 3220 | 0.3 |
| xerox | workcentre | eq | 3210 | 0.3 |
| xerox | phaser 8860mfp | eq | 0 | 0.3 |
| xerox | phaser | eq | 88600 | 0.3 |
| xerox | phaser 8560mfp | eq | 0 | 0.3 |
| xerox | phaser | eq | 85600 | 0.3 |
| xerox | phaser | eq | 85500 | 0.3 |
| xerox | phaser | eq | 78000 | 0.3 |
| xerox | phaser | eq | 77600 | 0.3 |
| xerox | phaser | eq | 75000 | 0.3 |
| xerox | phaser | eq | 74000 | 0.3 |
| xerox | phaser | eq | 63600 | 0.3 |
| xerox | phaser | eq | 63500 | 0.3 |
| xerox | phaser | eq | 55500 | 0.3 |
| xerox | phaser | eq | 46200 | 0.3 |
| xerox | phaser | eq | 46000 | 0.3 |
| xerox | phaser | eq | 45100 | 0.3 |
| xerox | phaser 3635mfp | eq | 0 | 0.3 |
| xerox | phaser | eq | 36000 | 0.3 |
| xerox | phaser | eq | 34350 | 0.3 |
| xerox | phaser 3300mfp | eq | 0 | 0.3 |
| xerox | phaser | eq | 32500 | 0.3 |
| xerox | phaser 3160n | eq | 0 | 0.3 |
| xerox | colorqube | eq | 9303 | 0.3 |
| xerox | colorqube | eq | 9302 | 0.3 |
| xerox | colorqube | eq | 9301 | 0.3 |
| xerox | colorqube | eq | 9203 | 0.3 |
| xerox | colorqube | eq | 9202 | 0.3 |
| xerox | colorqube | eq | 9201 | 0.3 |

sources: CNVD: CNVD-2012-1342 // BID: 52483

THREAT TYPE

network

Trust: 0.3

sources: BID: 52483

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 52483

PATCH

title: Patch for multiple remote code execution vulnerabilities for multiple Xerox devices
url: https://www.cnvd.org.cn/patchinfo/show/13452

Trust: 0.6

sources: CNVD: CNVD-2012-1342

EXTERNAL IDS

db: BID, id: 52483

Trust: 0.9

db: SECUNIA, id: 48322

Trust: 0.7

db: CNVD, id: CNVD-2012-1342

Trust: 0.6

db: PACKETSTORM, id: 110784

Trust: 0.1

sources: CNVD: CNVD-2012-1342 // BID: 52483 // PACKETSTORM: 110784

REFERENCES

url:http://secunia.com/advisories/48322/

Trust: 0.7

url:http://www.xerox.com/download/security/security-bulletin/1284332-2ddc5-4baa79b70ac40/cert_xrx12-003_v1.1.pdf

Trust: 0.4

url:http://h.foofus.net/goons/percx/xerox_hack.pdf

Trust: 0.3

url:http://www.xerox.com

Trust: 0.3

url:https://www.rapid7.com/db/modules/exploit/unix/misc/xerox_mfp

Trust: 0.3

url:http://seclists.org/fulldisclosure/2016/apr/91

Trust: 0.3

url:https://www.andreicostin.com

Trust: 0.1

url:http://secunia.com/psi_30_beta_launch

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/48322/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=48322

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:https://www.foofus.net

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2012-1342 // BID: 52483 // PACKETSTORM: 110784

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 52483

SOURCES

db: CNVD, id: CNVD-2012-1342
db: BID, id: 52483
db: PACKETSTORM, id: 110784

LAST UPDATE DATE

2022-05-17T22:24:28.923000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2012-1342, date: 2012-03-16T00:00:00
db: BID, id: 52483, date: 2016-07-06T14:33:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2012-1342, date: 2012-03-16T00:00:00
db: BID, id: 52483, date: 2012-03-14T00:00:00
db: PACKETSTORM, id: 110784, date: 2012-03-14T05:16:43