Xerox Security Bulletin XRX08-009 (PDF 104.4K)

A vulnerability exists in the WorkCentre Pro 232/238/245/255/265/275, WorkCentre 232/238/245/255/265/275, WorkCentre 7655/7665/7675, and WorkCentre 5632/5638/5645/5655/5665/5675/5687 ESS/Network Controller that, if exploited, could allow remote attackers to execute arbitrary code via specially crafted Server Message Block (SMB) responses. This could occur through buffer overflows and unvalidated user input in the Samba third-party code that handles file and printer sharing services for SMB clients (including Xerox MFD devices).

If successful, an attacker could make unauthorized changes to the system configuration; however, customer and user passwords are not exposed. This vulnerability affects only the printer sharing services.