Vulnerability CVE-2011-2713

Vulnerability Name:

CVE-2011-2713 (CCN-70337)

Assigned:

2011-10-05

Published:

2011-10-05

Updated:

2014-10-24

Summary:

oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Other

References:

Source: MITRE
Type: CNA
CVE-2011-2713

Source: FEDORA
Type: UNKNOWN
FEDORA-2011-14036

Source: FEDORA
Type: Patch
FEDORA-2011-14049

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2011:1143

Source: OSVDB
Type: UNKNOWN
76178

Source: SECUNIA
Type: UNKNOWN
50692

Source: SECUNIA
Type: UNKNOWN
60799

Source: GENTOO
Type: UNKNOWN
GLSA-201209-05

Source: DEBIAN
Type: UNKNOWN
DSA-2315

Source: DEBIAN
Type: DSA-2315-1
openoffice.org -- multiple vulnerabilities

Source: DEBIAN
Type: DSA-2315
openoffice.org -- multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-201408-19

Source: CONFIRM
Type: Vendor Advisory
http://www.libreoffice.org/advisories/CVE-2011-2713/

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2011:172

Source: CCN
Type: OpenOffice.org Web Site
OpenOffice.org

Source: CCN
Type: OSVDB ID: 76178
OpenOffice.org (OOo) Out-of-of Bounds Read DOC FIle Handling Remote DoS

Source: BID
Type: UNKNOWN
49969

Source: CCN
Type: BID-49969
OpenOffice Microsoft Word File Format Importer Multiple Unspecified Security Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1026145

Source: MISC
Type: Patch
https://bugzilla.redhat.com/show_bug.cgi?id=725668

Source: CCN
Type: Red Hat Bugzilla Bug 725668
CVE-2011-2713 openoffice.org: Out-of-bounds read in DOC sprm parser

Source: XF
Type: UNKNOWN
openoffice-docsprmparser-dos(70337)

Vulnerable Configuration:

Configuration 1:

cpe:/a:libreoffice:libreoffice:3.3.0:*:*:*:*:*:*:*

OR cpe:/a:libreoffice:libreoffice:3.3.1:*:*:*:*:*:*:*

OR cpe:/a:libreoffice:libreoffice:3.3.2:*:*:*:*:*:*:*

OR cpe:/a:libreoffice:libreoffice:3.3.3:*:*:*:*:*:*:*

OR cpe:/a:libreoffice:libreoffice:3.3.4:*:*:*:*:*:*:*

OR cpe:/a:libreoffice:libreoffice:3.4.0:*:*:*:*:*:*:*

OR cpe:/a:libreoffice:libreoffice:3.4.1:*:*:*:*:*:*:*

OR cpe:/a:libreoffice:libreoffice:*:*:*:*:*:*:*:* (Version <= 3.4.2)

OR cpe:/a:sun:openoffice.org:3.3.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:sun:openoffice.org:2.4.0:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:2.4.1:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:2.4.2:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:3.0.0:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:3.1.0:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:3.1.1:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:2.4.3:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:2.3.1:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:3.2.0:*:*:*:*:*:*:*

OR cpe:/a:sun:openoffice.org:3.2.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20112713	V	CVE-2011-2713	2022-05-20
oval:org.opensuse.security:def:33984	P	Security update for apache2 (Important)	2021-10-06
oval:org.opensuse.security:def:32978	P	Security update for MozillaFirefox (Important)	2021-08-17
oval:org.opensuse.security:def:32891	P	Security update for openexr (Moderate)	2021-04-07
oval:org.opensuse.security:def:28942	P	Security update for java-1_8_0-ibm (Important)	2021-02-26
oval:org.opensuse.security:def:34023	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:32834	P	Security update for curl (Moderate)	2020-12-18
oval:org.opensuse.security:def:28858	P	Security update for python-cryptography (Moderate)	2020-12-04
oval:org.opensuse.security:def:29297	P	Security update for python-setuptools (Important)	2020-12-02
oval:org.opensuse.security:def:33134	P	libFLAC++6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28801	P	Security update for openssh (Critical)	2020-12-01
oval:org.opensuse.security:def:32516	P	fvwm2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29935	P	Security update for libidn (Moderate)	2020-12-01
oval:org.opensuse.security:def:33240	P	pure-ftpd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32605	P	sudo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28505	P	Security update for openssh-openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:33302	P	xorg-x11-libxcb-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29148	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:28517	P	Security update for openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:29236	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:28716	P	Security update for java-1_7_0-openjdk (Critical)	2020-12-01
oval:org.opensuse.security:def:32515	P	fuse on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33191	P	libvorbis on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32527	P	gtk2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29971	P	Security update for LibreOffice	2020-12-01
oval:org.opensuse.security:def:33279	P	vino on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29094	P	Recommended update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:32740	P	libxslt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28506	P	Security update for openssh-openssl1 (Important)	2020-12-01
oval:org.opensuse.security:def:33346	P	Security update for openssh-openssl1 (Critical)	2020-12-01
oval:org.opensuse.security:def:29197	P	Security update for openssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:28585	P	Security update for libvirt	2020-12-01
oval:org.opensuse.security:def:29253	P	Security update for tcpdump (Important)	2020-12-01
oval:org.mitre.oval:def:17917	P	USN-1496-1 -- openoffice.org vulnerabilities	2014-06-30
oval:org.mitre.oval:def:14956	P	DSA-2315-1 openoffice.org -- multiple vulnerabilities	2014-06-23
oval:com.ubuntu.precise:def:20112713000	V	CVE-2011-2713 on Ubuntu 12.04 LTS (precise) - low.	2011-10-21

BACK