CVE-2010-3450

CWE-22Path Traversal6 documents6 sources
Severity
9.3CRITICAL
EPSS
3.0%
top 13.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apache OpenofficeCanonical Ubuntu LinuxDebian Debian Linux
Timeline
PublishedJan 28
Latest updateMay 13

Description

Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDapache/openoffice2.0.03.3.0

Also affects: Debian Linux 5.0, 6.0, Ubuntu Linux 10.04, 10.10, 8.04, 9.10

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-5jvg-p3q5-62mm: Multiple directory traversal vulnerabilities in OpenOffice2022-05-13
CVEList
CVE-2010-3450: Multiple directory traversal vulnerabilities in OpenOffice2011-01-28

📋Vendor Advisories

2
Ubuntu
OpenOffice.org vulnerabilities2011-02-02
Red Hat
OpenOffice.org: directory traversal flaws in handling of XSLT jar filter descriptions and OXT extension files2011-01-26

💬Community

1
Bugzilla
CVE-2010-3450 OpenOffice.org: directory traversal flaws in handling of XSLT jar filter descriptions and OXT extension files2010-06-09
CVE-2010-3450 (CRITICAL CVSS 9.3) | Multiple directory traversal vulner | cvebase.io