CVE-2010-3450
OpenOffice.org: directory traversal flaws in handling of XSLT jar filter descriptions and OXT extension files
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.
Múltiples vulnerabilidades de salto de directorio en OpenOffice.org (OOo) v2.x y v3.x anteriores a v3.3, permite a atacantes remotos añadir y ejecutar comandos de su elección a través de .. (punto punto) en el parámetro "site" a (1) index.php y (2) admin.php.
Multiple vulnerabilities have been addressed in OpenOffice. Charlie Miller discovered several heap overflows in PPT processing. Marc Schoenefeld discovered that directory traversal was not correctly handled in XSLT, OXT, JAR, or ZIP files. Dan Rosenberg discovered multiple heap overflows in RTF and DOC processing. Dmitri Gribenko discovered that OpenOffice.org did not correctly handle LD_LIBRARY_PATH in various tools. Marc Schoenefeld discovered that OpenOffice.org did not correctly process PNG images. It was discovered that OpenOffice.org did not correctly process TGA images.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-09-17 CVE Reserved
- 2011-01-26 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (22)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/70711 | Broken Link | |
| http://secunia.com/advisories/40775 | Broken Link | |
| http://secunia.com/advisories/42999 | Broken Link | |
| http://secunia.com/advisories/43065 | Broken Link | |
| http://secunia.com/advisories/43105 | Broken Link | |
| http://secunia.com/advisories/43118 | Broken Link | |
| http://secunia.com/advisories/60799 | Broken Link | |
| http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/46031 | Broken Link | |
| http://www.securitytracker.com/id?1025002 | Broken Link | |
| http://www.vupen.com/english/advisories/2011/0230 | Broken Link | |
| http://www.vupen.com/english/advisories/2011/0232 | Broken Link | |
| http://www.vupen.com/english/advisories/2011/0279 | Broken Link |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=602324 | 2011-01-28 |
| URL | Date | SRC |
|---|---|---|
| http://ubuntu.com/usn/usn-1056-1 | 2022-02-07 | |
| http://www.debian.org/security/2011/dsa-2151 | 2022-02-07 | |
| http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml | 2022-02-07 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 | 2022-02-07 | |
| http://www.openoffice.org/security/cves/CVE-2010-3450.html | 2022-02-07 | |
| http://www.redhat.com/support/errata/RHSA-2011-0181.html | 2022-02-07 | |
| http://www.redhat.com/support/errata/RHSA-2011-0182.html | 2022-02-07 | |
| https://access.redhat.com/security/cve/CVE-2010-3450 | 2011-01-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Openoffice Search vendor "Apache" for product "Openoffice" | >= 2.0.0 < 3.3.0 Search vendor "Apache" for product "Openoffice" and version " >= 2.0.0 < 3.3.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 9.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.10" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 5.0 Search vendor "Debian" for product "Debian Linux" and version "5.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 6.0 Search vendor "Debian" for product "Debian Linux" and version "6.0" | - |
Affected
| ||||||