9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.149 Low
EPSS
Percentile
95.9%
Versions of OpenOffice earlier than 3.3 are potentially affected by several issues :
Issues exist relating to PowerPoint document parsing that may lead to arbitrary code execution. (CVE-2010-2935, CVE-2010-2936)
A directory traversal vulnerability exists in zip / jar package extraction. (CVE-2010-3450)
Issues exist relating to RTF document processing that may lead to arbitrary code execution. (CVE-2010-3451, CVE-2010-3452)
Issues exist relating to Word document processing that may lead to arbitrary code execution. (CVE-2010-3453, CVE-2010-3454)
The OpenOffice.org start script and other shell scripts expand the LD_LIBRARY_PATH in a way that the current directory might be searched for libraries before /lib and /usr/lib. (CVE-2010-3689)
Issues exist in the third party XPDF library relating to PDf processing that may allow arbitrary code execution. (CVE-2010-3702, CVE-2010-3704)
OpenOffice.org includes a version of LIBXML2 that is affected by multiple vulnerabilities. (CVE-2010-4008, CVE-2010-4494)
An issue exists with PNG file processing that may allow arbitrary code execution. (CVE-2010-4253)
An issue exists with TGA file processing that may allow arbitrary code execution. (CVE-2010-4643)
Binary data 5745.prm
Vendor | Product | Version | CPE |
---|---|---|---|
sun | openoffice.org | cpe:/a:sun:openoffice.org |
archives.neohapsis.com/archives/fulldisclosure/2011-01/0490.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2935
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2936
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3450
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3451
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3452
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3453
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3454
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3689
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4008
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4253
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4494
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4643
www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html
www.openoffice.org/security/cves/CVE-2010-3450.html
www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html
www.openoffice.org/security/cves/CVE-2010-3453_CVE-2010-3454.html
www.openoffice.org/security/cves/CVE-2010-3689.html
www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html
www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html
www.openoffice.org/security/cves/CVE-2010-4253.html
www.openoffice.org/security/cves/CVE-2010-4643.html