CVE-2010-3689 – OpenOffice.org: soffice insecure LD_LIBRARY_PATH setting
https://notcve.org/view.php?id=CVE-2010-3689
soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. soffice en OpenOffice.org (OOo) v3.x anteriores a v3.3 pone un nombre de directorio de longitud cero en el LD_LIBRARY_PATH, que permite a usuarios locales conseguir privilegios a través de un caballo de Troya en una biblioteca compartida en el directorio de trabajo actual. • http://osvdb.org/70716 http://secunia.com/advisories/40775 http://secunia.com/advisories/42999 http://secunia.com/advisories/43065 http://secunia.com/advisories/43105 http://secunia.com/advisories/60799 http://ubuntu.com/usn/usn-1056-1 http://www.debian.org/security/2011/dsa-2151 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 http://www.openoffice.org/security/cves/CVE-2010-3689.html htt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2010-3452 – OpenOffice.org: Integer signedness error (crash) by processing certain RTF tags
https://notcve.org/view.php?id=CVE-2010-3452
Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document. Vulnerabilidad uso después de liberación en oowriter en OpenOffice.org (OOo) v2.x y v3.x antes de v3.3 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de la manipulación de etiquetas en un documento RTF. • http://osvdb.org/70713 http://secunia.com/advisories/40775 http://secunia.com/advisories/42999 http://secunia.com/advisories/43065 http://secunia.com/advisories/43105 http://secunia.com/advisories/43118 http://secunia.com/advisories/60799 http://ubuntu.com/usn/usn-1056-1 http://www.cs.brown.edu/people/drosenbe/research.html http://www.debian.org/security/2011/dsa-2151 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.mandriva.com/security& • CWE-416: Use After Free •
CVE-2010-3453 – OpenOffice.org: Heap-based buffer overflow by processing *.doc files with WW8 list styles with specially-crafted count of list levels
https://notcve.org/view.php?id=CVE-2010-3453
The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write. La función WW8ListManager::WW8ListManager en oowriter en OpenOffice.org v2.x (OOo) y v3.x anterior a v3.3 no controla correctamente un número no especificado de niveles de lista en la lista de estilos para el usuario en datos WW8 en un documento de Microsoft Word, que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un archivo DOC manipulado que desencadena una escritura fuera de rango. • http://osvdb.org/70714 http://secunia.com/advisories/40775 http://secunia.com/advisories/42999 http://secunia.com/advisories/43065 http://secunia.com/advisories/43105 http://secunia.com/advisories/43118 http://secunia.com/advisories/60799 http://ubuntu.com/usn/usn-1056-1 http://www.cs.brown.edu/people/drosenbe/research.html http://www.debian.org/security/2011/dsa-2151 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.mandriva.com/security& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2010-3454 – OpenOffice.org: Array index error by scanning document typography information of certain *.doc files
https://notcve.org/view.php?id=CVE-2010-3454
Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write. Múltiples errores de superación de límite (off-by-one) en la función WW8DopTypography::ReadFromMem en oowriter en OpenOffice.org (OOo) v2.x y v3.x anteriores a v3.3 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar código de su elección a través de información tipográfica manipulada en un fichero manipulado de Microsoft Word (.DOC) que provoca una lectura fuera de rango. . • http://osvdb.org/70715 http://secunia.com/advisories/40775 http://secunia.com/advisories/42999 http://secunia.com/advisories/43065 http://secunia.com/advisories/43105 http://secunia.com/advisories/43118 http://secunia.com/advisories/60799 http://ubuntu.com/usn/usn-1056-1 http://www.cs.brown.edu/people/drosenbe/research.html http://www.debian.org/security/2011/dsa-2151 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.mandriva.com/security& • CWE-193: Off-by-one Error •
CVE-2010-3450 – OpenOffice.org: directory traversal flaws in handling of XSLT jar filter descriptions and OXT extension files
https://notcve.org/view.php?id=CVE-2010-3450
Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files. Múltiples vulnerabilidades de salto de directorio en OpenOffice.org (OOo) v2.x y v3.x anteriores a v3.3, permite a atacantes remotos añadir y ejecutar comandos de su elección a través de .. (punto punto) en el parámetro "site" a (1) index.php y (2) admin.php. • http://osvdb.org/70711 http://secunia.com/advisories/40775 http://secunia.com/advisories/42999 http://secunia.com/advisories/43065 http://secunia.com/advisories/43105 http://secunia.com/advisories/43118 http://secunia.com/advisories/60799 http://ubuntu.com/usn/usn-1056-1 http://www.debian.org/security/2011/dsa-2151 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 http://www.openoffice.org • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •