Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Feb 2022, 17:02
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sun:openoffice.org:2.4.1:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:2.2.1:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:3.1.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:* cpe:2.3:a:sun:openoffice.org:2.0.4:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:2.4.2:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:2.0.3:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:3.1.1:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:2.4.0:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:3.0.0:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:3.0.1:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:2.3.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:2.4.3:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:2.0.0:*:*:*:*:*:*:* |
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:* cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* |
References | (SECUNIA) http://secunia.com/advisories/40775 - Broken Link | |
References | (GENTOO) http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml - Third Party Advisory | |
References | (OSVDB) http://osvdb.org/70711 - Broken Link | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-0182.html - Broken Link | |
References | (BID) http://www.securityfocus.com/bid/46031 - Broken Link, Third Party Advisory, VDB Entry | |
References | (VUPEN) http://www.vupen.com/english/advisories/2011/0232 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/43118 - Broken Link | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-0181.html - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/42999 - Broken Link | |
References | (DEBIAN) http://www.debian.org/security/2011/dsa-2151 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/60799 - Broken Link | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=602324 - Issue Tracking, Patch, Third Party Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2011/0230 - Broken Link | |
References | (SECTRACK) http://www.securitytracker.com/id?1025002 - Broken Link, Third Party Advisory, VDB Entry | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html - Third Party Advisory | |
References | (UBUNTU) http://ubuntu.com/usn/usn-1056-1 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/43065 - Broken Link | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/43105 - Broken Link | |
References | (VUPEN) http://www.vupen.com/english/advisories/2011/0279 - Broken Link |
Information
Published : 2011-01-28 22:00
Updated : 2024-02-04 17:54
NVD link : CVE-2010-3450
Mitre link : CVE-2010-3450
CVE.ORG link : CVE-2010-3450
JSON object : View
Products Affected
apache
- openoffice
debian
- debian_linux
canonical
- ubuntu_linux
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')