Remote Code Execution Vulnerability on multiple Xerox Devices

Release date: 2012-03-14
Updated on: 2012-03-16

Affected Systems:
Xerox WorkCentre
Xerox Phaser 8860MFP 0
Xerox Phaser 8860 0
Xerox Phaser 8560MFP 0
Xerox Phaser 8560 0
Xerox Phaser 8550 0
Xerox Phaser 7800 0
Xerox Phaser 7760 0
Xerox Phaser 7500 0
Xerox Phaser 7400 0
Xerox Phaser 6360 0
Xerox Phaser 6350 0
Xerox Phaser 5550 0
Xerox Phaser 4620 0
Xerox Phaser 4600 0
Xerox Phaser 4510 0
Xerox Phaser 3635MFP 0
Xerox Phaser 3600 0
Xerox Phaser 3435 0
Xerox Phaser 3300MFP 0
Xerox Phaser 3250 0
Xerox Phaser limit 0n 0
Xerox ColorQube 9303
Xerox ColorQube 9302
Xerox ColorQube 9301
Xerox ColorQube 9203
Xerox ColorQube 9202
Xerox ColorQube 9201
Xerox ColorQube 8870
Xerox ColorQube 8570
Description:
--------------------------------------------------------------------------------
Bugtraq id: 52483

Xerox is an American copywriting management and processing technology company that provides printers, photocopiers, digital printing equipment, and related services and consumables.

Multiple Xerox devices have remote code execution vulnerabilities when receiving specially crafted Postscript or firmware jobs. Attackers can exploit these vulnerabilities to execute arbitrary code.

<* Source: vendor

Link: http://www.xerox.com/download/security/security-bulletin/1284332-2ddc5-4baa79b70ac40/cert_XRX12-003_v1.1.pdf

*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Xerox
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.xerox.com