CVE-2010-3453
OpenOffice.org: Heap-based buffer overflow by processing *.doc files with WW8 list styles with specially-crafted count of list levels
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
La función WW8ListManager::WW8ListManager en oowriter en OpenOffice.org v2.x (OOo) y v3.x anterior a v3.3 no controla correctamente un número no especificado de niveles de lista en la lista de estilos para el usuario en datos WW8 en un documento de Microsoft Word, que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un archivo DOC manipulado que desencadena una escritura fuera de rango.
Multiple vulnerabilities have been found in OpenOffice and LibreOffice, the worst of which may result in execution of arbitrary code.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-09-17 CVE Reserved
- 2011-01-28 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (24)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/70714 | Broken Link | |
| http://secunia.com/advisories/40775 | Broken Link | |
| http://secunia.com/advisories/42999 | Broken Link | |
| http://secunia.com/advisories/43065 | Broken Link | |
| http://secunia.com/advisories/43105 | Broken Link | |
| http://secunia.com/advisories/43118 | Broken Link | |
| http://secunia.com/advisories/60799 | Broken Link | |
| http://www.cs.brown.edu/people/drosenbe/research.html | Broken Link | |
| http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/46031 | Broken Link | |
| http://www.securitytracker.com/id?1025002 | Broken Link | |
| http://www.vsecurity.com/resources/advisory/20110126-1 | Broken Link | |
| http://www.vupen.com/english/advisories/2011/0230 | Broken Link | |
| http://www.vupen.com/english/advisories/2011/0232 | Broken Link | |
| http://www.vupen.com/english/advisories/2011/0279 | Broken Link |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Openoffice Search vendor "Apache" for product "Openoffice" | >= 2.0.0 < 3.3.0 Search vendor "Apache" for product "Openoffice" and version " >= 2.0.0 < 3.3.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 9.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.10" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 5.0 Search vendor "Debian" for product "Debian Linux" and version "5.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 6.0 Search vendor "Debian" for product "Debian Linux" and version "6.0" | - |
Affected
| ||||||