OSVDB ID: 69790

Title: XEROX WorkCentre Scan to Email Document Merging Local Information Disclosure

Info

Disclosure

Dec 10, 2010

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Dec 10, 2010

Description

XEROX WorkCentre contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an error within the 'Scan to Email' functionality occurs, resulting in merging two documents into one, which may be exploited by a local attacker to view a document scanned by another person.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Xerox has released a patch to address this vulnerability.

Products

XEROX CORPORATION	WorkCentre	5735
		5740
		5745
		5755
		5765
		5775
		5790

References

Secunia Advisory ID: 42627
Vendor Specific Advisory URL: http://www.xerox.com/downloads/usa/en/c/cert_XRX10-005_v1.0.pdf

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/69790

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

XEROX CORPORATION

WorkCentre

References

Credit