// For flags

CVE-2010-3453

OpenOffice.org: Heap-based buffer overflow by processing *.doc files with WW8 list styles with specially-crafted count of list levels

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.

La función WW8ListManager::WW8ListManager en oowriter en OpenOffice.org v2.x (OOo) y v3.x anterior a v3.3 no controla correctamente un número no especificado de niveles de lista en la lista de estilos para el usuario en datos WW8 en un documento de Microsoft Word, que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un archivo DOC manipulado que desencadena una escritura fuera de rango.

Multiple vulnerabilities have been addressed in OpenOffice. Charlie Miller discovered several heap overflows in PPT processing. Marc Schoenefeld discovered that directory traversal was not correctly handled in XSLT, OXT, JAR, or ZIP files. Dan Rosenberg discovered multiple heap overflows in RTF and DOC processing. Dmitri Gribenko discovered that OpenOffice.org did not correctly handle LD_LIBRARY_PATH in various tools. Marc Schoenefeld discovered that OpenOffice.org did not correctly process PNG images. It was discovered that OpenOffice.org did not correctly process TGA images.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-09-17 CVE Reserved
  • 2011-01-26 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-122: Heap-based Buffer Overflow
  • CWE-787: Out-of-bounds Write
CAPEC
References (24)
URL Tag Source
http://osvdb.org/70714 Broken Link
http://secunia.com/advisories/40775 Broken Link
http://secunia.com/advisories/42999 Broken Link
http://secunia.com/advisories/43065 Broken Link
http://secunia.com/advisories/43105 Broken Link
http://secunia.com/advisories/43118 Broken Link
http://secunia.com/advisories/60799 Broken Link
http://www.cs.brown.edu/people/drosenbe/research.html Broken Link
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html Third Party Advisory
http://www.securityfocus.com/bid/46031 Broken Link
http://www.securitytracker.com/id?1025002 Broken Link
http://www.vsecurity.com/resources/advisory/20110126-1 Broken Link
http://www.vupen.com/english/advisories/2011/0230 Broken Link
http://www.vupen.com/english/advisories/2011/0232 Broken Link
http://www.vupen.com/english/advisories/2011/0279 Broken Link
URL Date SRC
URL Date SRC
URL Date SRC
http://ubuntu.com/usn/usn-1056-1 2023-02-13
http://www.debian.org/security/2011/dsa-2151 2023-02-13
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml 2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 2023-02-13
http://www.openoffice.org/security/cves/CVE-2010-3453_CVE-2010-3454.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-0181.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-0182.html 2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=640950 2011-01-28
https://access.redhat.com/security/cve/CVE-2010-3453 2011-01-28
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
 Openoffice
Search vendor "Apache" for product "Openoffice"
 >= 2.0.0 < 3.3.0
Search vendor "Apache" for product "Openoffice" and version " >= 2.0.0 < 3.3.0"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 8.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 9.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "9.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 10.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 10.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "10.10"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 5.0
Search vendor "Debian" for product "Debian Linux" and version "5.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 6.0
Search vendor "Debian" for product "Debian Linux" and version "6.0"
-
Affected