Vulnerability Name:

CVE-2010-3450 (CCN-65425)

Assigned:2010-09-17
Published:2011-01-26
Updated:2022-02-07
Summary:Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
5.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
4.0 Medium (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.0 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-22
Vulnerability Consequences:File Manipulation
References:Source: MITRE
Type: CNA
CVE-2010-3450

Source: OSVDB
Type: Broken Link
70711

Source: CCN
Type: RHSA-2011-0181
Important: openoffice.org and openoffice.org2 security update

Source: CCN
Type: RHSA-2011-0182
Important: openoffice.org security update

Source: CCN
Type: RHSA-2011-0183
Important: openoffice.org security and bug fix update

Source: SECUNIA
Type: Broken Link
40775

Source: SECUNIA
Type: Broken Link
42999

Source: SECUNIA
Type: Broken Link
43065

Source: SECUNIA
Type: Broken Link
43105

Source: SECUNIA
Type: Broken Link
43118

Source: CCN
Type: SA44202
IBM Lotus Symphony OpenOffice.org Multiple Vulnerabilities

Source: SECUNIA
Type: Broken Link
60799

Source: UBUNTU
Type: Third Party Advisory
USN-1056-1

Source: DEBIAN
Type: Third Party Advisory
DSA-2151

Source: DEBIAN
Type: DSA-2151
openoffice.org -- several vulnerabilities

Source: GENTOO
Type: Third Party Advisory
GLSA-201408-19

Source: MANDRIVA
Type: Broken Link
MDVSA-2011:027

Source: CCN
Type: OpenOffice.org Web site
Security Vulnerability in OpenOffice.org related to Extensions and filter package files

Source: CONFIRM
Type: Vendor Advisory
http://www.openoffice.org/security/cves/CVE-2010-3450.html

Source: CCN
Type: Oracle Critical Patch Update Advisory - April 2011
Oracle Critical Patch Update Advisory - April 2011

Source: CONFIRM
Type: Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

Source: CCN
Type: OSVDB ID: 70711
OpenOffice.org (OOo) Multiple File Type Traversal Arbitrary File Overwrite

Source: REDHAT
Type: Broken Link
RHSA-2011:0181

Source: REDHAT
Type: Broken Link
RHSA-2011:0182

Source: BID
Type: Broken Link, Third Party Advisory, VDB Entry
46031

Source: CCN
Type: BID-46031
OpenOffice Multiple Remote Code Execution Vulnerabilities

Source: SECTRACK
Type: Broken Link, Third Party Advisory, VDB Entry
1025002

Source: VUPEN
Type: Broken Link
ADV-2011-0230

Source: VUPEN
Type: Broken Link
ADV-2011-0232

Source: VUPEN
Type: Broken Link
ADV-2011-0279

Source: CCN
Type: Red Hat Bugzilla Bug 602324
CVE-2010-3450 OpenOffice.org: directory traversal flaws in handling of XSLT jar filter descriptions and OXT extension files

Source: CONFIRM
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=602324

Source: XF
Type: UNKNOWN
ooo-xsltjar-oxt-zip-dir-traversal(65425)

Source: CCN
Type: IBM Support & Downloads Web site
IBM Lotus Symphony 3.0 Component Fix Pack 2 Release Notes

Source: SUSE
Type: SUSE-SR:2011:007
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:openoffice:*:*:*:*:*:*:*:* (Version >= 2.0.0 and < 3.3.0)

    • Configuration 2:
  • cpe:/o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:6.0:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/a:redhat:rhel_productivity:5:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 10:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

    • Configuration RedHat 11:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

    • Configuration RedHat 12:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

    • Configuration RedHat 13:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:sun:openoffice.org:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:3.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:3.2.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_symphony:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:26107
    P
    		Security update for openssl-1_0_0 (Important)
    2021-08-24
    oval:org.opensuse.security:def:26104
    P
    		Security update for libcares2 (Important)
    2021-08-16
    oval:org.opensuse.security:def:20103450
    V
    		CVE-2010-3450
    2021-08-15
    oval:org.opensuse.security:def:36482
    P
    		libreoffice-testtool-3.4.5.5-0.3.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36479
    P
    		libreoffice-4.0.3.3.26-0.10.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:26043
    P
    		Security update for bind (Important)
    2021-05-04
    oval:org.opensuse.security:def:26040
    P
    		Security update for gdm (Important)
    2021-04-28
    oval:org.opensuse.security:def:26032
    P
    		Security update for sudo (Important)
    2021-04-20
    oval:org.opensuse.security:def:26029
    P
    		Security update for the Linux Kernel (Important)
    2021-04-15
    oval:org.opensuse.security:def:26028
    P
    		Security update for xorg-x11-server (Important)
    2021-04-13
    oval:org.opensuse.security:def:26031
    P
    		Security update for php74 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:26316
    P
    		Recommended update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:27445
    P
    		libexpat-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26746
    P
    		libfreebl3 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26457
    P
    		Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:26232
    P
    		Security update for openconnect (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26804
    P
    		perl-HTML-Parser on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26661
    P
    		OpenEXR on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26370
    P
    		Security update for mbedtls (Important)
    2020-12-01
    oval:org.opensuse.security:def:27477
    P
    		libreoffice on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26749
    P
    		libgtop on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26605
    P
    		libtiff3 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26235
    P
    		Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26807
    P
    		perl-spamassassin on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26707
    P
    		glib2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26373
    P
    		Security update for ffmpeg (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27480
    P
    		libreoffice-testtool on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26760
    P
    		libpoppler-glib4 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26608
    P
    		libxml2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26313
    P
    		Security update for python-requests (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27442
    P
    		libevent-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26710
    P
    		gnome-screensaver on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26454
    P
    		Security update for python-Jinja2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26763
    P
    		libqt4-sql-mysql on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26658
    P
    		MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:12858
    P
    		DSA-2151-1 openoffice.org -- several
    2015-02-23
    oval:org.mitre.oval:def:13739
    P
    		USN-1056-1 -- openoffice.org vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:23069
    P
    		ELSA-2011:0182: openoffice.org security update (Important)
    2014-05-26
    oval:org.mitre.oval:def:23509
    P
    		ELSA-2011:0183: openoffice.org security and bug fix update (Important)
    2014-05-26
    oval:org.mitre.oval:def:21381
    P
    		RHSA-2011:0182: openoffice.org security update (Important)
    2014-02-24
    oval:org.mitre.oval:def:21625
    P
    		RHSA-2011:0183: openoffice.org security and bug fix update (Important)
    2014-02-24
    oval:com.redhat.rhsa:def:20110181
    P
    		RHSA-2011:0181: openoffice.org and openoffice.org2 security update (Important)
    2011-01-28
    oval:com.redhat.rhsa:def:20110182
    P
    		RHSA-2011:0182: openoffice.org security update (Important)
    2011-01-28
    oval:com.redhat.rhsa:def:20110183
    P
    		RHSA-2011:0183: openoffice.org security and bug fix update (Important)
    2011-01-28
    BACK
    apache openoffice *
    canonical ubuntu linux 8.04
    canonical ubuntu linux 9.10
    canonical ubuntu linux 10.04
    canonical ubuntu linux 10.10
    debian debian linux 5.0
    debian debian linux 6.0
    sun openoffice.org 2.0.0
    sun openoffice.org 2.1.0
    sun openoffice.org 2.2.0
    sun openoffice.org 2.3.0
    sun openoffice.org 2.4.0
    sun openoffice.org 2.4.1
    sun openoffice.org 2.4.2
    sun openoffice.org 3.0.0
    sun openoffice.org 3.0.1
    sun openoffice.org 3.1.0
    sun openoffice.org 3.1.1
    sun openoffice.org 2.4.3
    sun openoffice.org 2.0.3
    sun openoffice.org 2.0.4
    sun openoffice.org 2.3.1
    sun openoffice.org 2.2.1
    sun openoffice.org 3.2.0
    sun openoffice.org 3.2.1
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 6
    redhat enterprise linux 6
    ibm lotus symphony 3.0.0
    redhat enterprise linux desktop 6