ID: CVE-2010-3453
Type: cve
Reporter: NVD
Modified: 2015-11-17T11:06:34
Description
The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
{"viewCount": 0, "lastseen": "2016-09-03T14:20:27", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "type": "cve", "description": "The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.", "assessment": {"name": "", "system": "", "href": ""}, "reporter": "NVD", "published": "2011-01-28T17:00:05", "history": [], "title": "CVE-2010-3453", "cpe": ["cpe:/a:sun:openoffice.org:2.2.1", "cpe:/a:sun:openoffice.org:2.3.0", "cpe:/a:sun:openoffice.org:2.4.2", "cpe:/a:sun:openoffice.org:2.0.0", "cpe:/a:sun:openoffice.org:3.2.1", "cpe:/a:sun:openoffice.org:2.0.3", "cpe:/a:sun:openoffice.org:2.4.3", "cpe:/a:sun:openoffice.org:2.4.0", "cpe:/a:sun:openoffice.org:3.1.1", "cpe:/a:sun:openoffice.org:2.2.0", "cpe:/a:sun:openoffice.org:3.0.1", "cpe:/a:sun:openoffice.org:3.0.0", "cpe:/a:sun:openoffice.org:2.4.1", "cpe:/a:sun:openoffice.org:3.2.0", "cpe:/a:sun:openoffice.org:2.1.0", "cpe:/a:sun:openoffice.org:2.3.1", "cpe:/a:sun:openoffice.org:2.0.4", "cpe:/a:sun:openoffice.org:3.1.0"], "bulletinFamily": "NVD", "edition": 1, "scanner": [], "id": "CVE-2010-3453", "cvelist": ["CVE-2010-3453"], "hash": "f35378a5c921f2c895787f532bbd342eca5ff9afa6a99a978fc80528d0de4737", "modified": "2015-11-17T11:06:34", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3453", "objectVersion": "1.2", "references": ["http://www.redhat.com/support/errata/RHSA-2011-0181.html", "http://www.cs.brown.edu/people/drosenbe/research.html", "http://www.securitytracker.com/id?1025002", "http://www.vsecurity.com/resources/advisory/20110126-1", "http://www.vupen.com/english/advisories/2011/0232", 
"http://www.vupen.com/english/advisories/2011/0230", "http://www.vupen.com/english/advisories/2011/0279", "http://ubuntu.com/usn/usn-1056-1", "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml", "https://bugzilla.redhat.com/show_bug.cgi?id=640950", "http://www.redhat.com/support/errata/RHSA-2011-0182.html", "http://www.openoffice.org/security/cves/CVE-2010-3453_CVE-2010-3454.html", "http://www.securityfocus.com/bid/46031", "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", "http://www.debian.org/security/2011/dsa-2151", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027"], "enchantments": {"vulnersScore": 3.5}}
{"result": {"redhat": [{"id": "RHSA-2011:0181", "type": "redhat", "title": "(RHSA-2011:0181) Important: openoffice.org and openoffice.org2 security update", "description": "OpenOffice.org is an office productivity suite that includes desktop\napplications, such as a word processor, spreadsheet application,\npresentation manager, formula editor, and a drawing program.\n\nAn array index error and an integer signedness error were found in the way\nOpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker\ncould use these flaws to create a specially-crafted RTF file that, when\nopened, would cause OpenOffice.org to crash or, possibly, execute arbitrary\ncode with the privileges of the user running OpenOffice.org.\n(CVE-2010-3451, CVE-2010-3452)\n\nA heap-based buffer overflow flaw and an array index error were found in\nthe way OpenOffice.org parsed certain Microsoft Office Word documents. An\nattacker could use these flaws to create a specially-crafted Microsoft\nOffice Word document that, when opened, would cause OpenOffice.org to crash\nor, possibly, execute arbitrary code with the privileges of the user\nrunning OpenOffice.org. (CVE-2010-3453, CVE-2010-3454)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org\nparsed certain TARGA (Truevision TGA) files. An attacker could use this\nflaw to create a specially-crafted TARGA file. If a document containing\nthis specially-crafted TARGA file was opened, or if a user tried to insert\nthe file into an existing document, it would cause OpenOffice.org to crash\nor, possibly, execute arbitrary code with the privileges of the user\nrunning OpenOffice.org. (CVE-2010-4643)\n\nA directory traversal flaw was found in the way OpenOffice.org handled\nthe installation of XSLT filter descriptions packaged in Java Archive (JAR)\nfiles, as well as the installation of OpenOffice.org Extension (.oxt)\nfiles. 
An attacker could use these flaws to create a specially-crafted XSLT\nfilter description or extension file that, when opened, would cause the\nOpenOffice.org Extension Manager to modify files accessible to the user\ninstalling the JAR or extension file. (CVE-2010-3450)\n\nRed Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451,\nCVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues.\nUpstream acknowledges Dan Rosenberg of Virtual Security Research as the\noriginal reporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and\nCVE-2010-3454 issues.\n\nAll OpenOffice.org users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\ninstances of OpenOffice.org applications must be restarted for this update\nto take effect.\n", "published": "2011-01-28T05:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2011:0181", "cvelist": ["CVE-2010-3450", "CVE-2010-3451", "CVE-2010-3452", "CVE-2010-3453", "CVE-2010-3454", "CVE-2010-4643"], "lastseen": "2017-09-09T07:19:34"}, {"id": "RHSA-2011:0183", "type": "redhat", "title": "(RHSA-2011:0183) Important: openoffice.org security and bug fix update", "description": "OpenOffice.org is an office productivity suite that includes desktop\napplications, such as a word processor, spreadsheet application,\npresentation manager, formula editor, and a drawing program.\n\nAn array index error and an integer signedness error were found in the way\nOpenOffice.org parsed certain Rich Text Format (RTF) files. 
An attacker\ncould use these flaws to create a specially-crafted RTF file that, when\nopened, would cause OpenOffice.org to crash or, possibly, execute arbitrary\ncode with the privileges of the user running OpenOffice.org.\n(CVE-2010-3451, CVE-2010-3452)\n\nA heap-based buffer overflow flaw and an array index error were found in\nthe way OpenOffice.org parsed certain Microsoft Office Word documents. An\nattacker could use these flaws to create a specially-crafted Microsoft\nOffice Word document that, when opened, would cause OpenOffice.org to crash\nor, possibly, execute arbitrary code with the privileges of the user\nrunning OpenOffice.org. (CVE-2010-3453, CVE-2010-3454)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org\nparsed certain Microsoft Office PowerPoint files. An attacker could use\nthis flaw to create a specially-crafted Microsoft Office PowerPoint file\nthat, when opened, would cause OpenOffice.org to crash or, possibly,\nexecute arbitrary code with the privileges of the user running\nOpenOffice.org. (CVE-2010-4253)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org\nparsed certain TARGA (Truevision TGA) files. An attacker could use this\nflaw to create a specially-crafted TARGA file. If a document containing\nthis specially-crafted TARGA file was opened, or if a user tried to insert\nthe file into an existing document, it would cause OpenOffice.org to crash\nor, possibly, execute arbitrary code with the privileges of the user\nrunning OpenOffice.org. (CVE-2010-4643)\n\nA directory traversal flaw was found in the way OpenOffice.org handled the\ninstallation of XSLT filter descriptions packaged in Java Archive (JAR)\nfiles, as well as the installation of OpenOffice.org Extension (.oxt)\nfiles. 
An attacker could use these flaws to create a specially-crafted XSLT\nfilter description or extension file that, when opened, would cause the\nOpenOffice.org Extension Manager to modify files accessible to the user\ninstalling the JAR or extension file. (CVE-2010-3450)\n\nA flaw was found in the script that launches OpenOffice.org. In some\nsituations, a \".\" character could be included in the LD_LIBRARY_PATH\nvariable, allowing a local attacker to execute arbitrary code with the\nprivileges of the user running OpenOffice.org, if that user ran\nOpenOffice.org from within an attacker-controlled directory.\n(CVE-2010-3689)\n\nRed Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451,\nCVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues; and\nDmitri Gribenko for reporting the CVE-2010-3689 issue. Upstream\nacknowledges Dan Rosenberg of Virtual Security Research as the original\nreporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and\nCVE-2010-3454 issues.\n\nThis update also fixes the following bug:\n\n* OpenOffice.org did not create a lock file when opening a file that was on\na share mounted via SFTP. Additionally, if there was a lock file, it was\nignored. This could result in data loss if a file in this situation was\nopened simultaneously by another user. (BZ#671087)\n\nAll OpenOffice.org users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
All running\ninstances of OpenOffice.org applications must be restarted for this update\nto take effect.\n", "published": "2011-01-28T05:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2011:0183", "cvelist": ["CVE-2010-3450", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2017-03-06T11:18:32"}, {"id": "RHSA-2011:0182", "type": "redhat", "title": "(RHSA-2011:0182) Important: openoffice.org security update", "description": "OpenOffice.org is an office productivity suite that includes desktop\napplications, such as a word processor, spreadsheet application,\npresentation manager, formula editor, and a drawing program.\n\nAn array index error and an integer signedness error were found in the way\nOpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker\ncould use these flaws to create a specially-crafted RTF file that, when\nopened, would cause OpenOffice.org to crash or, possibly, execute arbitrary\ncode with the privileges of the user running OpenOffice.org.\n(CVE-2010-3451, CVE-2010-3452)\n\nA heap-based buffer overflow flaw and an array index error were found in\nthe way OpenOffice.org parsed certain Microsoft Office Word documents. An\nattacker could use these flaws to create a specially-crafted Microsoft\nOffice Word document that, when opened, would cause OpenOffice.org to crash\nor, possibly, execute arbitrary code with the privileges of the user\nrunning OpenOffice.org. (CVE-2010-3453, CVE-2010-3454)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org\nparsed certain Microsoft Office PowerPoint files. 
An attacker could use\nthis flaw to create a specially-crafted Microsoft Office PowerPoint file\nthat, when opened, would cause OpenOffice.org to crash or, possibly,\nexecute arbitrary code with the privileges of the user running\nOpenOffice.org. (CVE-2010-4253)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org\nparsed certain TARGA (Truevision TGA) files. An attacker could use this\nflaw to create a specially-crafted TARGA file. If a document containing\nthis specially-crafted TARGA file was opened, or if a user tried to insert\nthe file into an existing document, it would cause OpenOffice.org to crash\nor, possibly, execute arbitrary code with the privileges of the user\nrunning OpenOffice.org. (CVE-2010-4643)\n\nA directory traversal flaw was found in the way OpenOffice.org handled the\ninstallation of XSLT filter descriptions packaged in Java Archive (JAR)\nfiles, as well as the installation of OpenOffice.org Extension (.oxt)\nfiles. An attacker could use these flaws to create a specially-crafted XSLT\nfilter description or extension file that, when opened, would cause the\nOpenOffice.org Extension Manager to modify files accessible to the user\ninstalling the JAR or extension file. (CVE-2010-3450)\n\nA flaw was found in the script that launches OpenOffice.org. In some\nsituations, a \".\" character could be included in the LD_LIBRARY_PATH\nvariable, allowing a local attacker to execute arbitrary code with the\nprivileges of the user running OpenOffice.org, if that user ran\nOpenOffice.org from within an attacker-controlled directory.\n(CVE-2010-3689)\n\nRed Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451,\nCVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues; and\nDmitri Gribenko for reporting the CVE-2010-3689 issue. 
Upstream\nacknowledges Dan Rosenberg of Virtual Security Research as the original\nreporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and\nCVE-2010-3454 issues.\n\nAll OpenOffice.org users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\ninstances of OpenOffice.org applications must be restarted for this update\nto take effect.\n", "published": "2011-01-28T05:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2011:0182", "cvelist": ["CVE-2010-3450", "CVE-2010-3451", "CVE-2010-3452", "CVE-2010-3453", "CVE-2010-3454", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-4643"], "lastseen": "2017-09-09T07:19:30"}], "openvas": [{"id": "OPENVAS:881400", "type": "openvas", "title": "CentOS Update for openoffice.org CESA-2011:0181 centos4 x86_64", "description": "Check for the Version of openoffice.org", "published": "2012-07-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=881400", "cvelist": ["CVE-2010-3450", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2018-01-11T11:06:16"}, {"id": "OPENVAS:880469", "type": "openvas", "title": "CentOS Update for openoffice.org CESA-2011:0181 centos4 i386", "description": "Check for the Version of openoffice.org", "published": "2011-02-11T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=880469", "cvelist": ["CVE-2010-3450", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2017-07-25T10:55:51"}, {"id": "OPENVAS:1361412562310870386", "type": "openvas", "title": "RedHat Update for openoffice.org and openoffice.org2 RHSA-2011:0181-01", 
"description": "Check for the Version of openoffice.org and openoffice.org2", "published": "2011-01-31T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870386", "cvelist": ["CVE-2010-3450", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2018-04-09T11:36:26"}, {"id": "OPENVAS:870386", "type": "openvas", "title": "RedHat Update for openoffice.org and openoffice.org2 RHSA-2011:0181-01", "description": "Check for the Version of openoffice.org and openoffice.org2", "published": "2011-01-31T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870386", "cvelist": ["CVE-2010-3450", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2017-07-27T10:55:12"}, {"id": "OPENVAS:1361412562310881400", "type": "openvas", "title": "CentOS Update for openoffice.org CESA-2011:0181 centos4 x86_64", "description": "Check for the Version of openoffice.org", "published": "2012-07-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881400", "cvelist": ["CVE-2010-3450", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2018-04-06T11:17:03"}, {"id": "OPENVAS:1361412562310880469", "type": "openvas", "title": "CentOS Update for openoffice.org CESA-2011:0181 centos4 i386", "description": "Check for the Version of openoffice.org", "published": "2011-02-11T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880469", "cvelist": ["CVE-2010-3450", "CVE-2010-3451", "CVE-2010-3454", 
"CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2018-04-09T11:37:54"}, {"id": "OPENVAS:1361412562310881294", "type": "openvas", "title": "CentOS Update for openoffice.org-base CESA-2011:0182 centos5 x86_64", "description": "Check for the Version of openoffice.org-base", "published": "2012-07-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881294", "cvelist": ["CVE-2010-3450", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2018-04-06T11:17:03"}, {"id": "OPENVAS:880524", "type": "openvas", "title": "CentOS Update for openoffice.org-base CESA-2011:0182 centos5 i386", "description": "Check for the Version of openoffice.org-base", "published": "2011-08-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=880524", "cvelist": ["CVE-2010-3450", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2017-07-25T10:55:45"}, {"id": "OPENVAS:1361412562310870624", "type": "openvas", "title": "RedHat Update for openoffice.org RHSA-2011:0183-01", "description": "Check for the Version of openoffice.org", "published": "2012-07-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870624", "cvelist": ["CVE-2010-3450", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2018-04-06T11:17:03"}, {"id": "OPENVAS:136141256231068989", "type": "openvas", "title": "Debian Security Advisory DSA 2151-1 (openoffice.org)", "description": "The remote host is missing an update to 
openoffice.org\nannounced via advisory DSA 2151-1.", "published": "2011-03-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068989", "cvelist": ["CVE-2010-3450", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2018-04-06T11:35:36"}], "nessus": [{"id": "SL_20110128_OPENOFFICE_ORG_AND_OPENOFFICE_ORG2_ON_SL4_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : openoffice.org and openoffice.org2 on SL4.x i386/x86_64", "description": "An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452)\n\nA heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. 
(CVE-2010-4643)\n\nA directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file.\n(CVE-2010-3450)\n\nAll running instances of OpenOffice.org applications must be restarted for this update to take effect.", "published": "2012-08-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60945", "cvelist": ["CVE-2010-3450", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2017-10-29T13:33:02"}, {"id": "CENTOS_RHSA-2011-0182.NASL", "type": "nessus", "title": "CentOS 5 : openoffice.org (CESA-2011:0182)", "description": "Updated openoffice.org packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program.\n\nAn array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. 
An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452)\n\nA heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4253)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643)\n\nA directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. 
An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file.\n(CVE-2010-3450)\n\nA flaw was found in the script that launches OpenOffice.org. In some situations, a '.' character could be included in the LD_LIBRARY_PATH variable, allowing a local attacker to execute arbitrary code with the privileges of the user running OpenOffice.org, if that user ran OpenOffice.org from within an attacker-controlled directory.\n(CVE-2010-3689)\n\nRed Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues; and Dmitri Gribenko for reporting the CVE-2010-3689 issue. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and CVE-2010-3454 issues.\n\nAll OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.\nAll running instances of OpenOffice.org applications must be restarted for this update to take effect.", "published": "2011-05-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=53831", "cvelist": ["CVE-2010-3450", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2017-10-29T13:46:13"}, {"id": "FEDORA_2011-0837.NASL", "type": "nessus", "title": "Fedora 13 : openoffice.org-3.2.0-12.35.fc13 (2011-0837)", "description": "- Thu Jan 27 2011 Caolan McNamara <caolanm at redhat.com>- 1:3.2.0-12.35\n\n - CVE-2010-3450 Extensions and filter package files\n\n - CVE-2010-3451 / CVE-2010-3452 RTF documents\n\n - CVE-2010-3453 / CVE-2010-3454 Word 
documents\n\n - CVE-2010-3689 LD_LIBRARY_PATH usage\n\n - CVE-2010-4253 PNG graphics\n\n - CVE-2010-4643 TGA graphics\n\n - Resolves: rhbz#648475 Crash in scanner dialog\n\n - Resolves: rhbz#657628 divide-by-zero\n\n - Resolves: rhbz#657718 Crash in SwObjectFormatterTxtFrm\n\n - Resolves: rhbz#660312 SDK setup script creates invalid variables (dtardon)\n\n - Resolves: rhbz#663780 extend neon mutex locking\n\n - Resoves: rhbz#577525 [abrt] crash in ImplRegionBase::~ImplRegionBase (dtardon)\n\n - Tue Oct 26 2010 Caolan McNamara <caolanm at redhat.com>\n - 1:3.2.0-12.34\n\n - Resolves: rhbz#636521 crash in undo in sc\n\n - Resolves: rhbz#641637 [abrt] [presentation-minimizer] crash in OptimizationStats::GetStatusValue (dtardon)\n\n - make LD_PRELOAD of libsalalloc_malloc.so work again (dtardon)\n\n - Resolves: rhbz#642996 [abrt] CffSubsetterContext::readDictOp (dtardon)\n\n - Fri Oct 15 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.33\n\n - Resolves: rhbz#637838 Cropped pictures are displayed in entirety in handouts (dtardon)\n\n - Tue Oct 12 2010 Caolan McNamara <caolanm at redhat.com>\n - 1:3.2.0-12.32\n\n - Resolves: rhbz#568277 workaround to avoid the crash (dtardon)\n\n - Resolves: rhbz#631543 [abrt] crash on dereferencing dangling pointer passed down from SwCalc::Str2Double (dtardon)\n\n - Resolves: rhbz#631823 Line and Filling toolbar glitch on theme change (caolanm)\n\n - Resolves: rhbz#637738 threading problems with using libgcrypt via neon when libgcrypt which was initialized by cups to be non-thread safe (caolanm)\n\n - Resolves: rhbz#632326 [abrt] [docx] _Construct<long, long> crash (dtardon)\n\n - Fri Aug 13 2010 Caolan McNamara <caolanm at redhat.com>\n - 1:3.2.0-12.31\n\n - Resolves: rhbz#623800 gnome-shell/mutter focus problems\n\n - Thu Aug 12 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.30\n\n - Resolves: rhbz#623609 CVE-2010-2935 CVE-2010-2936\n\n - Mon Aug 9 2010 Caolan McNamara <caolanm at redhat.com>\n - 1:3.2.0-12.29\n\n 
- Resolves: rhbz#601621 avoid using mmap for copying files\n\n - Sun Aug 8 2010 Caolan McNamara <caolanm at redhat.com>\n - 1:3.2.0-12.28\n\n - Resolves: rhbz#621248 32bit events in forms on 64bit\n\n - Resolves rhbz#618047 Brackets incorrectly render in presentations (dtardon)\n\n - Wed Aug 4 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.27\n\n - Resolves: rhbz#608114 cppu-lifecycle issues (caolanm)\n\n - Resolves: rhbz#566831 [abrt] crash in GetFrmSize (dtardon)\n\n - Resolves: rhbz#613278 [abrt] crash in SANE shutdown (caolanm)\n\n - Resolves: rhbz#620390 [abrt] crash in SfxViewFrame::GetFrame (dtardon)\n\n - Mon Jun 21 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.26\n\n[plus 34 lines in the Changelog]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2011-02-17T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=52004", "cvelist": ["CVE-2010-3450", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2017-10-29T13:43:19"}, {"id": "ORACLELINUX_ELSA-2011-0181.NASL", "type": "nessus", "title": "Oracle Linux 4 : openoffice.org (ELSA-2011-0181)", "description": "From Red Hat Security Advisory 2011:0181 :\n\nUpdated openoffice.org and openoffice.org2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program.\n\nAn array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452)\n\nA heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643)\n\nA directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. 
An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file.\n(CVE-2010-3450)\n\nRed Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and CVE-2010-3454 issues.\n\nAll OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.\nAll running instances of OpenOffice.org applications must be restarted for this update to take effect.", "published": "2013-07-12T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68189", "cvelist": ["CVE-2010-3450", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2017-10-29T13:37:54"}, {"id": "ORACLELINUX_ELSA-2011-0183.NASL", "type": "nessus", "title": "Oracle Linux 6 : openoffice.org (ELSA-2011-0183)", "description": "From Red Hat Security Advisory 2011:0183 :\n\nUpdated openoffice.org packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program.\n\nAn array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452)\n\nA heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4253)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. 
If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643)\n\nA directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file.\n(CVE-2010-3450)\n\nA flaw was found in the script that launches OpenOffice.org. In some situations, a '.' character could be included in the LD_LIBRARY_PATH variable, allowing a local attacker to execute arbitrary code with the privileges of the user running OpenOffice.org, if that user ran OpenOffice.org from within an attacker-controlled directory.\n(CVE-2010-3689)\n\nRed Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues; and Dmitri Gribenko for reporting the CVE-2010-3689 issue. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and CVE-2010-3454 issues.\n\nThis update also fixes the following bug :\n\n* OpenOffice.org did not create a lock file when opening a file that was on a share mounted via SFTP. Additionally, if there was a lock file, it was ignored. This could result in data loss if a file in this situation was opened simultaneously by another user. 
(BZ#671087)\n\nAll OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.\nAll running instances of OpenOffice.org applications must be restarted for this update to take effect.", "published": "2013-07-12T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68190", "cvelist": ["CVE-2010-3450", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2017-10-29T13:35:46"}, {"id": "REDHAT-RHSA-2011-0183.NASL", "type": "nessus", "title": "RHEL 6 : openoffice.org (RHSA-2011:0183)", "description": "Updated openoffice.org packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program.\n\nAn array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452)\n\nA heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. 
An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4253)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643)\n\nA directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file.\n(CVE-2010-3450)\n\nA flaw was found in the script that launches OpenOffice.org. In some situations, a '.' 
character could be included in the LD_LIBRARY_PATH variable, allowing a local attacker to execute arbitrary code with the privileges of the user running OpenOffice.org, if that user ran OpenOffice.org from within an attacker-controlled directory.\n(CVE-2010-3689)\n\nRed Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues; and Dmitri Gribenko for reporting the CVE-2010-3689 issue. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and CVE-2010-3454 issues.\n\nThis update also fixes the following bug :\n\n* OpenOffice.org did not create a lock file when opening a file that was on a share mounted via SFTP. Additionally, if there was a lock file, it was ignored. This could result in data loss if a file in this situation was opened simultaneously by another user. (BZ#671087)\n\nAll OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.\nAll running instances of OpenOffice.org applications must be restarted for this update to take effect.", "published": "2011-01-31T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=51827", "cvelist": ["CVE-2010-3450", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2017-10-29T13:41:47"}, {"id": "SL_20110128_OPENOFFICE_ORG_ON_SL5_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : openoffice.org on SL5.x i386/x86_64", "description": "An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. 
An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452)\n\nA heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4253)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643)\n\nA directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. 
An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file.\n(CVE-2010-3450)\n\nA flaw was found in the script that launches OpenOffice.org. In some situations, a '.' character could be included in the LD_LIBRARY_PATH variable, allowing a local attacker to execute arbitrary code with the privileges of the user running OpenOffice.org, if that user ran OpenOffice.org from within an attacker-controlled directory.\n(CVE-2010-3689)\n\nAll running instances of OpenOffice.org applications must be restarted for this update to take effect.", "published": "2012-08-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60946", "cvelist": ["CVE-2010-3450", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2017-10-29T13:34:51"}, {"id": "REDHAT-RHSA-2011-0181.NASL", "type": "nessus", "title": "RHEL 4 : openoffice.org and openoffice.org2 (RHSA-2011:0181)", "description": "Updated openoffice.org and openoffice.org2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program.\n\nAn array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452)\n\nA heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643)\n\nA directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. 
An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file.\n(CVE-2010-3450)\n\nRed Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and CVE-2010-3454 issues.\n\nAll OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.\nAll running instances of OpenOffice.org applications must be restarted for this update to take effect.", "published": "2011-01-31T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=51825", "cvelist": ["CVE-2010-3450", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2017-10-29T13:35:16"}, {"id": "CENTOS_RHSA-2011-0181.NASL", "type": "nessus", "title": "CentOS 4 : openoffice.org / openoffice.org2 (CESA-2011:0181)", "description": "Updated openoffice.org and openoffice.org2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program.\n\nAn array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452)\n\nA heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643)\n\nA directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. 
An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file.\n(CVE-2010-3450)\n\nRed Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and CVE-2010-3454 issues.\n\nAll OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.\nAll running instances of OpenOffice.org applications must be restarted for this update to take effect.", "published": "2011-02-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=51887", "cvelist": ["CVE-2010-3450", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2017-10-29T13:33:16"}, {"id": "SL_20110128_OPENOFFICE_ORG_ON_SL6_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : openoffice.org on SL6.x i386/x86_64", "description": "An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452)\n\nA heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. 
An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4253)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643)\n\nA directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file.\n(CVE-2010-3450)\n\nA flaw was found in the script that launches OpenOffice.org. In some situations, a '.' 
character could be included in the LD_LIBRARY_PATH variable, allowing a local attacker to execute arbitrary code with the privileges of the user running OpenOffice.org, if that user ran OpenOffice.org from within an attacker-controlled directory.\n(CVE-2010-3689)\n\nThis update also fixes the following bug :\n\n - OpenOffice.org did not create a lock file when opening a file that was on a share mounted via SFTP. Additionally, if there was a lock file, it was ignored. This could result in data loss if a file in this situation was opened simultaneously by another user. (BZ#671087)\n\nAll running instances of OpenOffice.org applications must be restarted for this update to take effect.", "published": "2012-08-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60947", "cvelist": ["CVE-2010-3450", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2017-10-29T13:42:38"}], "centos": [{"id": "CESA-2011:0181", "type": "centos", "title": "openoffice.org, openoffice.org2 security update", "description": "**CentOS Errata and Security Advisory** CESA-2011:0181\n\n\nOpenOffice.org is an office productivity suite that includes desktop\napplications, such as a word processor, spreadsheet application,\npresentation manager, formula editor, and a drawing program.\n\nAn array index error and an integer signedness error were found in the way\nOpenOffice.org parsed certain Rich Text Format (RTF) files. 
An attacker\ncould use these flaws to create a specially-crafted RTF file that, when\nopened, would cause OpenOffice.org to crash or, possibly, execute arbitrary\ncode with the privileges of the user running OpenOffice.org.\n(CVE-2010-3451, CVE-2010-3452)\n\nA heap-based buffer overflow flaw and an array index error were found in\nthe way OpenOffice.org parsed certain Microsoft Office Word documents. An\nattacker could use these flaws to create a specially-crafted Microsoft\nOffice Word document that, when opened, would cause OpenOffice.org to crash\nor, possibly, execute arbitrary code with the privileges of the user\nrunning OpenOffice.org. (CVE-2010-3453, CVE-2010-3454)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org\nparsed certain TARGA (Truevision TGA) files. An attacker could use this\nflaw to create a specially-crafted TARGA file. If a document containing\nthis specially-crafted TARGA file was opened, or if a user tried to insert\nthe file into an existing document, it would cause OpenOffice.org to crash\nor, possibly, execute arbitrary code with the privileges of the user\nrunning OpenOffice.org. (CVE-2010-4643)\n\nA directory traversal flaw was found in the way OpenOffice.org handled\nthe installation of XSLT filter descriptions packaged in Java Archive (JAR)\nfiles, as well as the installation of OpenOffice.org Extension (.oxt)\nfiles. An attacker could use these flaws to create a specially-crafted XSLT\nfilter description or extension file that, when opened, would cause the\nOpenOffice.org Extension Manager to modify files accessible to the user\ninstalling the JAR or extension file. 
(CVE-2010-3450)\n\nRed Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451,\nCVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues.\nUpstream acknowledges Dan Rosenberg of Virtual Security Research as the\noriginal reporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and\nCVE-2010-3454 issues.\n\nAll OpenOffice.org users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\ninstances of OpenOffice.org applications must be restarted for this update\nto take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-February/017251.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-February/017252.html\n\n**Affected packages:**\nopenoffice.org\nopenoffice.org-i18n\nopenoffice.org-kde\nopenoffice.org-libs\nopenoffice.org2\nopenoffice.org2-base\nopenoffice.org2-calc\nopenoffice.org2-core\nopenoffice.org2-draw\nopenoffice.org2-emailmerge\nopenoffice.org2-graphicfilter\nopenoffice.org2-impress\nopenoffice.org2-javafilter\nopenoffice.org2-langpack-af_ZA\nopenoffice.org2-langpack-ar\nopenoffice.org2-langpack-bg_BG\nopenoffice.org2-langpack-bn\nopenoffice.org2-langpack-ca_ES\nopenoffice.org2-langpack-cs_CZ\nopenoffice.org2-langpack-cy_GB\nopenoffice.org2-langpack-da_DK\nopenoffice.org2-langpack-de\nopenoffice.org2-langpack-el_GR\nopenoffice.org2-langpack-es\nopenoffice.org2-langpack-et_EE\nopenoffice.org2-langpack-eu_ES\nopenoffice.org2-langpack-fi_FI\nopenoffice.org2-langpack-fr\nopenoffice.org2-langpack-ga_IE\nopenoffice.org2-langpack-gl_ES\nopenoffice.org2-langpack-gu_IN\nopenoffice.org2-langpack-he_IL\nopenoffice.org2-langpack-hi_IN\nopenoffice.org2-langpack-hr_HR\nopenoffice.org2-langpack-hu_HU\nopenoffice.org2-langpack-it\nopenoffice.org2-langpack-ja_JP\nopenoffice.org2-langpack-ko_KR\nopenoffice.org2-langpack-lt_LT\nopenoffice.org2-langpack-ms_MY\nopenoffice.org2-langpack-nb_NO\nopenoffice.org2
-langpack-nl\nopenoffice.org2-langpack-nn_NO\nopenoffice.org2-langpack-pa_IN\nopenoffice.org2-langpack-pl_PL\nopenoffice.org2-langpack-pt_BR\nopenoffice.org2-langpack-pt_PT\nopenoffice.org2-langpack-ru\nopenoffice.org2-langpack-sk_SK\nopenoffice.org2-langpack-sl_SI\nopenoffice.org2-langpack-sr_CS\nopenoffice.org2-langpack-sv\nopenoffice.org2-langpack-ta_IN\nopenoffice.org2-langpack-th_TH\nopenoffice.org2-langpack-tr_TR\nopenoffice.org2-langpack-zh_CN\nopenoffice.org2-langpack-zh_TW\nopenoffice.org2-langpack-zu_ZA\nopenoffice.org2-math\nopenoffice.org2-pyuno\nopenoffice.org2-testtools\nopenoffice.org2-writer\nopenoffice.org2-xsltfilter\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0181.html", "published": "2011-02-04T05:49:09", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2011-February/017251.html", "cvelist": ["CVE-2010-3450", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2017-10-03T18:25:09"}, {"id": "CESA-2011:0182", "type": "centos", "title": "openoffice.org security update", "description": "**CentOS Errata and Security Advisory** CESA-2011:0182\n\n\nOpenOffice.org is an office productivity suite that includes desktop\napplications, such as a word processor, spreadsheet application,\npresentation manager, formula editor, and a drawing program.\n\nAn array index error and an integer signedness error were found in the way\nOpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker\ncould use these flaws to create a specially-crafted RTF file that, when\nopened, would cause OpenOffice.org to crash or, possibly, execute arbitrary\ncode with the privileges of the user running OpenOffice.org.\n(CVE-2010-3451, CVE-2010-3452)\n\nA heap-based buffer overflow flaw and an array index error were found in\nthe way OpenOffice.org parsed certain Microsoft Office Word documents. 
An\nattacker could use these flaws to create a specially-crafted Microsoft\nOffice Word document that, when opened, would cause OpenOffice.org to crash\nor, possibly, execute arbitrary code with the privileges of the user\nrunning OpenOffice.org. (CVE-2010-3453, CVE-2010-3454)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org\nparsed certain Microsoft Office PowerPoint files. An attacker could use\nthis flaw to create a specially-crafted Microsoft Office PowerPoint file\nthat, when opened, would cause OpenOffice.org to crash or, possibly,\nexecute arbitrary code with the privileges of the user running\nOpenOffice.org. (CVE-2010-4253)\n\nA heap-based buffer overflow flaw was found in the way OpenOffice.org\nparsed certain TARGA (Truevision TGA) files. An attacker could use this\nflaw to create a specially-crafted TARGA file. If a document containing\nthis specially-crafted TARGA file was opened, or if a user tried to insert\nthe file into an existing document, it would cause OpenOffice.org to crash\nor, possibly, execute arbitrary code with the privileges of the user\nrunning OpenOffice.org. (CVE-2010-4643)\n\nA directory traversal flaw was found in the way OpenOffice.org handled the\ninstallation of XSLT filter descriptions packaged in Java Archive (JAR)\nfiles, as well as the installation of OpenOffice.org Extension (.oxt)\nfiles. An attacker could use these flaws to create a specially-crafted XSLT\nfilter description or extension file that, when opened, would cause the\nOpenOffice.org Extension Manager to modify files accessible to the user\ninstalling the JAR or extension file. (CVE-2010-3450)\n\nA flaw was found in the script that launches OpenOffice.org. 
In some\nsituations, a \".\" character could be included in the LD_LIBRARY_PATH\nvariable, allowing a local attacker to execute arbitrary code with the\nprivileges of the user running OpenOffice.org, if that user ran\nOpenOffice.org from within an attacker-controlled directory.\n(CVE-2010-3689)\n\nRed Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451,\nCVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues; and\nDmitri Gribenko for reporting the CVE-2010-3689 issue. Upstream\nacknowledges Dan Rosenberg of Virtual Security Research as the original\nreporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and\nCVE-2010-3454 issues.\n\nAll OpenOffice.org users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. All running\ninstances of OpenOffice.org applications must be restarted for this update\nto take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-May/017526.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-May/017527.html\n\n**Affected 
packages:**\nopenoffice.org\nopenoffice.org-base\nopenoffice.org-calc\nopenoffice.org-core\nopenoffice.org-draw\nopenoffice.org-emailmerge\nopenoffice.org-graphicfilter\nopenoffice.org-headless\nopenoffice.org-impress\nopenoffice.org-javafilter\nopenoffice.org-langpack-af_ZA\nopenoffice.org-langpack-ar\nopenoffice.org-langpack-as_IN\nopenoffice.org-langpack-bg_BG\nopenoffice.org-langpack-bn\nopenoffice.org-langpack-ca_ES\nopenoffice.org-langpack-cs_CZ\nopenoffice.org-langpack-cy_GB\nopenoffice.org-langpack-da_DK\nopenoffice.org-langpack-de\nopenoffice.org-langpack-el_GR\nopenoffice.org-langpack-es\nopenoffice.org-langpack-et_EE\nopenoffice.org-langpack-eu_ES\nopenoffice.org-langpack-fi_FI\nopenoffice.org-langpack-fr\nopenoffice.org-langpack-ga_IE\nopenoffice.org-langpack-gl_ES\nopenoffice.org-langpack-gu_IN\nopenoffice.org-langpack-he_IL\nopenoffice.org-langpack-hi_IN\nopenoffice.org-langpack-hr_HR\nopenoffice.org-langpack-hu_HU\nopenoffice.org-langpack-it\nopenoffice.org-langpack-ja_JP\nopenoffice.org-langpack-kn_IN\nopenoffice.org-langpack-ko_KR\nopenoffice.org-langpack-lt_LT\nopenoffice.org-langpack-ml_IN\nopenoffice.org-langpack-mr_IN\nopenoffice.org-langpack-ms_MY\nopenoffice.org-langpack-nb_NO\nopenoffice.org-langpack-nl\nopenoffice.org-langpack-nn_NO\nopenoffice.org-langpack-nr_ZA\nopenoffice.org-langpack-nso_ZA\nopenoffice.org-langpack-or_IN\nopenoffice.org-langpack-pa_IN\nopenoffice.org-langpack-pl_PL\nopenoffice.org-langpack-pt_BR\nopenoffice.org-langpack-pt_PT\nopenoffice.org-langpack-ru\nopenoffice.org-langpack-sk_SK\nopenoffice.org-langpack-sl_SI\nopenoffice.org-langpack-sr_CS\nopenoffice.org-langpack-ss_ZA\nopenoffice.org-langpack-st_ZA\nopenoffice.org-langpack-sv\nopenoffice.org-langpack-ta_IN\nopenoffice.org-langpack-te_IN\nopenoffice.org-langpack-th_TH\nopenoffice.org-langpack-tn_ZA\nopenoffice.org-langpack-tr_TR\nopenoffice.org-langpack-ts_ZA\nopenoffice.org-langpack-ur\nopenoffice.org-langpack-ve_ZA\nopenoffice.org-langpack-xh_ZA\nopenoffice.org-l
angpack-zh_CN\nopenoffice.org-langpack-zh_TW\nopenoffice.org-langpack-zu_ZA\nopenoffice.org-math\nopenoffice.org-pyuno\nopenoffice.org-sdk\nopenoffice.org-sdk-doc\nopenoffice.org-testtools\nopenoffice.org-ure\nopenoffice.org-writer\nopenoffice.org-xsltfilter\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0182.html", "published": "2011-05-07T05:10:56", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2011-May/017526.html", "cvelist": ["CVE-2010-3450", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2017-10-03T18:25:41"}], "oraclelinux": [{"id": "ELSA-2011-0181", "type": "oraclelinux", "title": "openoffice.org security update", "description": "openoffice.org\n[1.1.5-10.7.10]\n- Resolves: rhbz#642175 openoffice.org various flaws\n- CVE-2010-4643 heap based buffer overflow when parsing TGA files\n[1.1.5-10.7.8]\n- Resolves: rhbz#642175 openoffice.org various flaws\n- CVE-2010-3450 directory traversal flaws in handling of XSLT jar filter\n descriptions and OXT extension files\n- CVE-2010-3451 Array index error by insecure parsing of broken rtf\n tables\n- CVE-2010-3452 Integer signedness error (crash) by processing certain\n RTF tags\n- CVE-2010-3453 Heap-based buffer overflow by processing *.doc files\n with WW8 list styles with specially-crafted count of list levels\n- CVE-2010-3454 Array index error by scanning document typography\n information of certain *.doc files", "published": "2011-01-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2011-0181.html", "cvelist": ["CVE-2010-3450", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2016-09-04T11:16:21"}, {"id": "ELSA-2011-0183", "type": 
"oraclelinux", "title": "openoffice.org security and bug fix update", "description": "[3.2.1-19.3.0.1.el6_0.5]\n- Replaced RedHat colors with Oracle colors, OOO_VENDOR with Oracle Corp.,\n and the filename redhat.soc with oracle.soc in specfile bug#10911\n[1:3.2.1-19.6.5]\n- Related: rhbz#671087 set right file permissions\n[1:3.2.1-19.6.4]\n- Resolves: rhbz#671087 file locks are not created with gvfs-sftp\n volumes with OpenOffice.org\n[1:3.2.1-19.6.3]\n- Resolves: rhbz#642200 openoffice.org various flaws\n- CVE-2010-4643 heap based buffer overflow when parsing TGA files\n[1:3.2.1-19.6.2]\n- Resolves: rhbz#642200 openoffice.org various flaws\n- CVE-2010-4253 heap based buffer overflow in PPT import\n[1:3.2.1-19.6.1]\n- Resolves: rhbz#642200 openoffice.org various flaws\n- CVE-2010-3450 directory traversal flaws in handling of XSLT jar filter\n descriptions and OXT extension files\n- CVE-2010-3451 Array index error by insecure parsing of broken rtf\n tables\n- CVE-2010-3452 Integer signedness error (crash) by processing certain\n RTF tags\n- CVE-2010-3453 Heap-based buffer overflow by processing *.doc files\n with WW8 list styles with specially-crafted count of list levels\n- CVE-2010-3454 Array index error by scanning document typography\n information of certain *.doc files\n- CVE-2010-3689 soffice insecure LD_LIBRARY_PATH setting", "published": "2011-02-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2011-0183.html", "cvelist": ["CVE-2010-3450", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2016-09-04T11:16:35"}], "debian": [{"id": "DSA-2151", "type": "debian", "title": "openoffice.org -- several vulnerabilities", "description": "Several security related problems have been discovered in the OpenOffice.org package that allows malformed documents to trick the system into 
crashes or even the execution of arbitrary code.\n\n * [CVE-2010-3450](<https://security-tracker.debian.org/tracker/CVE-2010-3450>)\n\nDuring an internal security audit within Red Hat, a directory traversal vulnerability has been discovered in the way OpenOffice.org 3.1.1 through 3.2.1 processes XML filter files. If a local user is tricked into opening a specially-crafted OOo XML filters package file, this problem could allow remote attackers to create or overwrite arbitrary files belonging to the local user or, potentially, execute arbitrary code.\n\n * [CVE-2010-3451](<https://security-tracker.debian.org/tracker/CVE-2010-3451>)\n\nDuring his work as a consultant at Virtual Security Research (VSR), Dan Rosenberg discovered a vulnerability in OpenOffice.org's RTF parsing functionality. Opening a maliciously crafted RTF document can cause an out-of-bounds memory read into previously allocated heap memory, which may lead to the execution of arbitrary code.\n\n * [CVE-2010-3452](<https://security-tracker.debian.org/tracker/CVE-2010-3452>)\n\nDan Rosenberg discovered a vulnerability in the RTF file parser which can be leveraged by attackers to achieve arbitrary code execution by convincing a victim to open a maliciously crafted RTF file.\n\n * [CVE-2010-3453](<https://security-tracker.debian.org/tracker/CVE-2010-3453>)\n\nAs part of his work with Virtual Security Research, Dan Rosenberg discovered a vulnerability in the WW8ListManager::WW8ListManager() function of OpenOffice.org that allows a maliciously crafted file to cause the execution of arbitrary code.\n\n * [CVE-2010-3454](<https://security-tracker.debian.org/tracker/CVE-2010-3454>)\n\nAs part of his work with Virtual Security Research, Dan Rosenberg discovered a vulnerability in the WW8DopTypography::ReadFromMem() function in OpenOffice.org that may be exploited by a maliciously crafted file which allows an attacker to control program flow and potentially execute arbitrary code.\n\n * 
[CVE-2010-3689](<https://security-tracker.debian.org/tracker/CVE-2010-3689>)\n\nDmitri Gribenko discovered that the soffice script does not treat an empty LD_LIBRARY_PATH variable like an unset one, which may lead to the execution of arbitrary code.\n\n * [CVE-2010-4253](<https://security-tracker.debian.org/tracker/CVE-2010-4253>)\n\nA heap based buffer overflow has been discovered with unknown impact.\n\n * [CVE-2010-4643](<https://security-tracker.debian.org/tracker/CVE-2010-4643>)\n\nA vulnerability has been discovered in the way OpenOffice.org handles TGA graphics which can be tricked by a specially crafted TGA file that could cause the program to crash due to a heap-based buffer overflow with unknown impact.\n\nFor the stable distribution (lenny) these problems have been fixed in version 2.4.1+dfsg-1+lenny11.\n\nFor the upcoming stable distribution (squeeze) these problems have been fixed in version 3.2.1-11+squeeze1.\n\nFor the unstable distribution (sid) these problems have been fixed in version 3.2.1-11+squeeze1.\n\nFor the experimental distribution these problems have been fixed in version 3.3.0~rc3-1.\n\nWe recommend that you upgrade your OpenOffice.org packages.", "published": "2011-01-26T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-2151", "cvelist": ["CVE-2010-3450", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-3452"], "lastseen": "2016-09-02T18:24:57"}], "ubuntu": [{"id": "USN-1056-1", "type": "ubuntu", "title": "OpenOffice.org vulnerabilities", "description": "Charlie Miller discovered several heap overflows in PPT processing. If a user or automated system were tricked into opening a specially crafted PPT document, a remote attacker could execute arbitrary code with user privileges. Ubuntu 10.10 was not affected. 
(CVE-2010-2935, CVE-2010-2936)\n\nMarc Schoenefeld discovered that directory traversal was not correctly handled in XSLT, OXT, JAR, or ZIP files. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could overwrite arbitrary files, possibly leading to arbitrary code execution with user privileges. (CVE-2010-3450)\n\nDan Rosenberg discovered multiple heap overflows in RTF and DOC processing. If a user or automated system were tricked into opening a specially crafted RTF or DOC document, a remote attacker could execute arbitrary code with user privileges. (CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454)\n\nDmitri Gribenko discovered that OpenOffice.org did not correctly handle LD_LIBRARY_PATH in various tools. If a local attacker tricked a user or automated system into using OpenOffice.org from an attacker-controlled directory, they could execute arbitrary code with user privileges. (CVE-2010-3689)\n\nMarc Schoenefeld discovered that OpenOffice.org did not correctly process PNG images. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges. (CVE-2010-4253)\n\nIt was discovered that OpenOffice.org did not correctly process TGA images. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges. 
(CVE-2010-4643)", "published": "2011-02-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/1056-1/", "cvelist": ["CVE-2010-3450", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-2935", "CVE-2010-3451", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2010-2936", "CVE-2010-3452"], "lastseen": "2018-03-29T18:18:16"}], "gentoo": [{"id": "GLSA-201408-19", "type": "gentoo", "title": "OpenOffice, LibreOffice: Multiple vulnerabilities", "description": "### Background\n\nOpenOffice is the open source version of StarOffice, a full office productivity suite. LibreOffice is a fork of OpenOffice. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenOffice and LibreOffice. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted file using OpenOffice, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition, execution of arbitrary Python code, authentication bypass, or reading and writing of arbitrary files. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenOffice (binary) users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-office/openoffice-bin-3.5.5.3\"\n \n\nAll LibreOffice users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/libreoffice-4.2.5.2\"\n \n\nAll LibreOffice (binary) users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-office/libreoffice-bin-4.2.5.2\"\n \n\nWe recommend that users unmerge OpenOffice:\n \n \n # emerge --unmerge \"app-office/openoffice\"", "published": "2014-08-31T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201408-19", "cvelist": ["CVE-2012-0037", "CVE-2009-3302", "CVE-2012-2665", "CVE-2010-3450", "CVE-2009-3301", "CVE-2009-0217", "CVE-2009-0200", "CVE-2009-2949", "CVE-2012-2149", "CVE-2011-2713", "CVE-2006-4339", "CVE-2010-3689", "CVE-2010-4253", "CVE-2012-2334", "CVE-2010-2935", "CVE-2010-3451", "CVE-2010-0395", "CVE-2009-2950", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2014-0247", "CVE-2010-2936", "CVE-2009-0201", "CVE-2012-1149", "CVE-2010-3452"], "lastseen": "2016-09-06T19:46:15"}], "oracle": [{"id": "ORACLE:CPUAPR2011-301950", "type": "oracle", "title": "cpuapr2011", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are cumulative but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. 
Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.** This Critical Patch Update contains 73 new security fixes across all product families listed below.\n", "published": "2011-04-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "", "cvelist": ["CVE-2011-0799", "CVE-2011-0412", "CVE-2011-0801", "CVE-2011-0808", "CVE-2011-0859", "CVE-2011-0856", "CVE-2011-0793", "CVE-2011-0791", "CVE-2010-4468", "CVE-2010-3450", "CVE-2011-0837", "CVE-2011-0787", "CVE-2011-0821", "CVE-2011-0812", "CVE-2011-0827", "CVE-2011-0805", "CVE-2011-0846", "CVE-2011-0824", "CVE-2011-0807", "CVE-2010-4452", "CVE-2011-0810", "CVE-2011-0790", "CVE-2010-4462", "CVE-2011-0851", "CVE-2010-4448", "CVE-2010-4465", "CVE-2011-0803", "CVE-2011-0798", "CVE-2010-3689", "CVE-2011-0820", "CVE-2010-4454", "CVE-2011-0806", "CVE-2010-4253", "CVE-2011-0809", "CVE-2011-0789", "CVE-2011-0841", "CVE-2011-0861", "CVE-2010-3451", "CVE-2011-0795", "CVE-2010-4450", "CVE-2011-0834", "CVE-2011-0825", "CVE-2011-0823", "CVE-2011-0850", "CVE-2010-4473", "CVE-2011-0860", "CVE-2011-0828", "CVE-2011-0858", "CVE-2011-0847", "CVE-2009-3555", "CVE-2010-3454", "CVE-2010-4476", "CVE-2010-4472", "CVE-2011-0843", "CVE-2010-4471", "CVE-2011-0849", "CVE-2011-0800", "CVE-2011-0826", "CVE-2011-0840", "CVE-2011-0857", "CVE-2011-0792", "CVE-2011-0818", "CVE-2010-4643", "CVE-2011-0853", "CVE-2011-0794", "CVE-2010-3453", "CVE-2011-0836", "CVE-2011-0839", "CVE-2010-4470", "CVE-2011-0796", "CVE-2011-0833", "CVE-2011-0813", "CVE-2011-0804", "CVE-2011-0819", "CVE-2011-0844", "CVE-2011-0829", "CVE-2011-0855", "CVE-2011-0797", "CVE-2011-0411", "CVE-2011-0785", "CVE-2010-3452", "CVE-2011-0854"], "lastseen": 
"2018-04-18T20:24:09"}]}}