// For flags

CVE-2010-3452

OpenOffice.org: Integer signedness error (crash) by processing certain RTF tags

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document.

Vulnerabilidad uso después de liberación en oowriter en OpenOffice.org (OOo) v2.x y v3.x antes de v3.3 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de la manipulación de etiquetas en un documento RTF.

Multiple vulnerabilities have been addressed in OpenOffice. Charlie Miller discovered several heap overflows in PPT processing. Marc Schoenefeld discovered that directory traversal was not correctly handled in XSLT, OXT, JAR, or ZIP files. Dan Rosenberg discovered multiple heap overflows in RTF and DOC processing. Dmitri Gribenko discovered that OpenOffice.org did not correctly handle LD_LIBRARY_PATH in various tools. Marc Schoenefeld discovered that OpenOffice.org did not correctly process PNG images. It was discovered that OpenOffice.org did not correctly process TGA images.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-09-17 CVE Reserved
  • 2011-01-26 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-07-31 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-416: Use After Free
CAPEC
References (25)
URL Tag Source
http://osvdb.org/70713 Broken Link
http://secunia.com/advisories/40775 Broken Link
http://secunia.com/advisories/42999 Broken Link
http://secunia.com/advisories/43065 Broken Link
http://secunia.com/advisories/43105 Broken Link
http://secunia.com/advisories/43118 Broken Link
http://secunia.com/advisories/60799 Broken Link
http://www.cs.brown.edu/people/drosenbe/research.html Broken Link
http://www.securityfocus.com/bid/46031 Broken Link
http://www.securitytracker.com/id?1025002 Broken Link
http://www.vsecurity.com/resources/advisory/20110126-1 Broken Link
http://www.vupen.com/english/advisories/2011/0230 Broken Link
http://www.vupen.com/english/advisories/2011/0232 Broken Link
http://www.vupen.com/english/advisories/2011/0279 Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/65031 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
http://ubuntu.com/usn/usn-1056-1 2022-02-07
http://www.debian.org/security/2011/dsa-2151 2022-02-07
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml 2022-02-07
http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 2022-02-07
http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html 2022-02-07
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html 2022-02-07
http://www.redhat.com/support/errata/RHSA-2011-0181.html 2022-02-07
http://www.redhat.com/support/errata/RHSA-2011-0182.html 2022-02-07
https://bugzilla.redhat.com/show_bug.cgi?id=640241 2011-01-28
https://access.redhat.com/security/cve/CVE-2010-3452 2011-01-28
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
 Openoffice
Search vendor "Apache" for product "Openoffice"
 >= 2.0.0 < 3.3.0
Search vendor "Apache" for product "Openoffice" and version " >= 2.0.0 < 3.3.0"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 8.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 9.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "9.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 10.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 10.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "10.10"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 5.0
Search vendor "Debian" for product "Debian Linux" and version "5.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 6.0
Search vendor "Debian" for product "Debian Linux" and version "6.0"
-
Affected