Vulnerability CVE-2010-3452

Vulnerability Name:

CVE-2010-3452 (CCN-65031)

Assigned:

2010-09-17

Published:

2011-01-26

Updated:

2022-02-07

Summary:

Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-416

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2010-3452

Source: OSVDB
Type: Broken Link
70713

Source: CCN
Type: RHSA-2011-0181
Important: openoffice.org and openoffice.org2 security update

Source: CCN
Type: RHSA-2011-0182
Important: openoffice.org security update

Source: CCN
Type: RHSA-2011-0183
Important: openoffice.org security and bug fix update

Source: SECUNIA
Type: Broken Link
40775

Source: SECUNIA
Type: Broken Link
42999

Source: SECUNIA
Type: Broken Link
43065

Source: SECUNIA
Type: Broken Link
43105

Source: SECUNIA
Type: Broken Link
43118

Source: CCN
Type: SA44202
IBM Lotus Symphony OpenOffice.org Multiple Vulnerabilities

Source: SECUNIA
Type: Broken Link
60799

Source: UBUNTU
Type: Third Party Advisory
USN-1056-1

Source: MISC
Type: Broken Link
http://www.cs.brown.edu/people/drosenbe/research.html

Source: DEBIAN
Type: Third Party Advisory
DSA-2151

Source: DEBIAN
Type: DSA-2151
openoffice.org -- several vulnerabilities

Source: GENTOO
Type: Third Party Advisory
GLSA-201408-19

Source: MANDRIVA
Type: Broken Link
MDVSA-2011:027

Source: CCN
Type: OpenOffice.org Web Site
OpenOffice.org

Source: CONFIRM
Type: Vendor Advisory
http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html

Source: CCN
Type: Oracle Critical Patch Update Advisory - April 2011
Oracle Critical Patch Update Advisory - April 2011

Source: CONFIRM
Type: Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

Source: CCN
Type: OSVDB ID: 70713
OpenOffice.org (OOo) oowriter RTF Document Crafted Tags Use-after-free Overflow

Source: REDHAT
Type: Broken Link
RHSA-2011:0181

Source: REDHAT
Type: Broken Link
RHSA-2011:0182

Source: BID
Type: Broken Link, Third Party Advisory, VDB Entry
46031

Source: CCN
Type: BID-46031
OpenOffice Multiple Remote Code Execution Vulnerabilities

Source: SECTRACK
Type: Broken Link, Third Party Advisory, VDB Entry
1025002

Source: MISC
Type: Broken Link
http://www.vsecurity.com/resources/advisory/20110126-1

Source: CCN
Type: VSR Security Advisories
OpenOffice.org Multiple Memory Corruption Vulnerabilities

Source: VUPEN
Type: Broken Link
ADV-2011-0230

Source: VUPEN
Type: Broken Link
ADV-2011-0232

Source: VUPEN
Type: Broken Link
ADV-2011-0279

Source: CONFIRM
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=640241

Source: XF
Type: Third Party Advisory, VDB Entry
ooo-oowriter-ce(65031)

Source: XF
Type: UNKNOWN
ooo-oowriter-ce(65031)

Source: CCN
Type: IBM Support & Downloads Web site
IBM Lotus Symphony 3.0 Component Fix Pack 2 Release Notes

Source: SUSE
Type: SUSE-SR:2011:007
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:apache:openoffice:*:*:*:*:*:*:*:* (Version >= 2.0.0 and < 3.3.0)

Configuration 2:

cpe:/o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:6.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:rhel_productivity:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 10:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 11:

cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 12:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 13:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:sun:openoffice.org:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:2.1.0:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:2.2.0:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:2.3.0:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:2.4.0:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:2.4.1:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:2.4.2:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:3.0.0:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:3.1.0:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:3.1.1:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:2.4.3:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:2.3.1:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:3.2.0:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:3.2.1:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*

OR cpe:/a:ibm:lotus_symphony:3.0.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:26107	P	Security update for openssl-1_0_0 (Important)	2021-08-24
oval:org.opensuse.security:def:26104	P	Security update for libcares2 (Important)	2021-08-16
oval:org.opensuse.security:def:20103452	V	CVE-2010-3452	2021-08-15
oval:org.opensuse.security:def:36482	P	libreoffice-testtool-3.4.5.5-0.3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36479	P	libreoffice-4.0.3.3.26-0.10.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26043	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:26040	P	Security update for gdm (Important)	2021-04-28
oval:org.opensuse.security:def:26032	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:26029	P	Security update for the Linux Kernel (Important)	2021-04-15
oval:org.opensuse.security:def:26028	P	Security update for xorg-x11-server (Important)	2021-04-13
oval:org.opensuse.security:def:26031	P	Security update for php74 (Moderate)	2021-01-14
oval:org.opensuse.security:def:26316	P	Recommended update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:27445	P	libexpat-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26746	P	libfreebl3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26457	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26232	P	Security update for openconnect (Moderate)	2020-12-01
oval:org.opensuse.security:def:26804	P	perl-HTML-Parser on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26661	P	OpenEXR on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26370	P	Security update for mbedtls (Important)	2020-12-01
oval:org.opensuse.security:def:27477	P	libreoffice on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26749	P	libgtop on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26605	P	libtiff3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26235	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:26807	P	perl-spamassassin on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26707	P	glib2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26373	P	Security update for ffmpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:27480	P	libreoffice-testtool on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26760	P	libpoppler-glib4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26608	P	libxml2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26313	P	Security update for python-requests (Moderate)	2020-12-01
oval:org.opensuse.security:def:27442	P	libevent-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26710	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26454	P	Security update for python-Jinja2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26763	P	libqt4-sql-mysql on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26658	P	MozillaFirefox on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:12858	P	DSA-2151-1 openoffice.org -- several	2015-02-23
oval:org.mitre.oval:def:13739	P	USN-1056-1 -- openoffice.org vulnerabilities	2014-06-30
oval:org.mitre.oval:def:23069	P	ELSA-2011:0182: openoffice.org security update (Important)	2014-05-26
oval:org.mitre.oval:def:23509	P	ELSA-2011:0183: openoffice.org security and bug fix update (Important)	2014-05-26
oval:org.mitre.oval:def:21381	P	RHSA-2011:0182: openoffice.org security update (Important)	2014-02-24
oval:org.mitre.oval:def:21625	P	RHSA-2011:0183: openoffice.org security and bug fix update (Important)	2014-02-24
oval:com.redhat.rhsa:def:20110181	P	RHSA-2011:0181: openoffice.org and openoffice.org2 security update (Important)	2011-01-28
oval:com.redhat.rhsa:def:20110182	P	RHSA-2011:0182: openoffice.org security update (Important)	2011-01-28
oval:com.redhat.rhsa:def:20110183	P	RHSA-2011:0183: openoffice.org security and bug fix update (Important)	2011-01-28

BACK