Vulnerability Details CVE-2010-3450
Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 83.1%
CVSS Severity
CVSS v2 Score 9.3
References
- http://osvdb.org/70711
- http://secunia.com/advisories/40775
- http://secunia.com/advisories/42999
- http://secunia.com/advisories/43065
- http://secunia.com/advisories/43105
- http://secunia.com/advisories/43118
- http://secunia.com/advisories/60799
- http://ubuntu.com/usn/usn-1056-1
- http://www.debian.org/security/2011/dsa-2151
- http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:027
- http://www.openoffice.org/security/cves/CVE-2010-3450.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
- http://www.redhat.com/support/errata/RHSA-2011-0181.html
- http://www.redhat.com/support/errata/RHSA-2011-0182.html
- http://www.securityfocus.com/bid/46031
- http://www.securitytracker.com/id?1025002
- http://www.vupen.com/english/advisories/2011/0230
- http://www.vupen.com/english/advisories/2011/0232
- http://www.vupen.com/english/advisories/2011/0279
- https://bugzilla.redhat.com/show_bug.cgi?id=602324
- http://osvdb.org/70711
- http://secunia.com/advisories/40775
- http://secunia.com/advisories/42999
- http://secunia.com/advisories/43065
- http://secunia.com/advisories/43105
- http://secunia.com/advisories/43118
- http://secunia.com/advisories/60799
- http://ubuntu.com/usn/usn-1056-1
- http://www.debian.org/security/2011/dsa-2151
- http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:027
- http://www.openoffice.org/security/cves/CVE-2010-3450.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
- http://www.redhat.com/support/errata/RHSA-2011-0181.html
- http://www.redhat.com/support/errata/RHSA-2011-0182.html
- http://www.securityfocus.com/bid/46031
- http://www.securitytracker.com/id?1025002
- http://www.vupen.com/english/advisories/2011/0230
- http://www.vupen.com/english/advisories/2011/0232
- http://www.vupen.com/english/advisories/2011/0279
- https://bugzilla.redhat.com/show_bug.cgi?id=602324
Products affected by CVE-2010-3450
-
cpe:2.3:a:apache:openoffice:2.0.0
-
cpe:2.3:a:apache:openoffice:2.0.1
-
cpe:2.3:a:apache:openoffice:2.0.2
-
cpe:2.3:a:apache:openoffice:2.0.3
-
cpe:2.3:a:apache:openoffice:2.0.4
-
cpe:2.3:a:apache:openoffice:2.1.0
-
cpe:2.3:a:apache:openoffice:2.2.0
-
cpe:2.3:a:apache:openoffice:2.2.1
-
cpe:2.3:a:apache:openoffice:2.3.0
-
cpe:2.3:a:apache:openoffice:2.3.1
-
cpe:2.3:a:apache:openoffice:2.4.0
-
cpe:2.3:a:apache:openoffice:2.4.1
-
cpe:2.3:a:apache:openoffice:2.4.2
-
cpe:2.3:a:apache:openoffice:2.4.3
-
cpe:2.3:a:apache:openoffice:3.0.0
-
cpe:2.3:a:apache:openoffice:3.0.1
-
cpe:2.3:a:apache:openoffice:3.1.0
-
cpe:2.3:a:apache:openoffice:3.1.1
-
cpe:2.3:a:apache:openoffice:3.2.0
-
cpe:2.3:a:apache:openoffice:3.2.1
-
cpe:2.3:o:canonical:ubuntu_linux:10.04
-
cpe:2.3:o:canonical:ubuntu_linux:10.10
-
cpe:2.3:o:canonical:ubuntu_linux:8.04
-
cpe:2.3:o:canonical:ubuntu_linux:9.10
-
cpe:2.3:o:debian:debian_linux:5.0
-
cpe:2.3:o:debian:debian_linux:6.0