Xerox WorkCentre Crafted PostScript File Handling Directory Access (XRX10-001)

Medium Nessus Plugin ID 44943


The remote multi-function device allows an attacker to gain access to the Network Controller directory structure without authorization.


According to its model number and software version, the remote host is a Xerox WorkCentre device that could allow unauthorized access to the Network Controller directory structure using a specially crafted PostScript file.

A remote attacker may be able to leverage this to gain access to sensitive information from the affected device.


Apply the P40v1 patch as described in the Xerox security bulletin referenced above.

See Also

Plugin Details

Severity: Medium

ID: 44943

File Name: xerox_xrx10-001.nasl

Version: $Revision: 1.6 $

Type: remote

Family: Misc.

Published: 2010/03/01

Modified: 2017/08/16

Dependencies: 18141

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/h:xerox:workcentre

Required KB Items: www/xerox_workcentre

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2010/01/22

Vulnerability Publication Date: 2010/01/22

Reference Information

CVE: CVE-2010-0549

OSVDB: 61925

CWE: 200