Vulnerabilities > CVE-2010-3454 - Off-by-one Error vulnerability in multiple products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Windows NASL id OPENOFFICE_33.NASL description The version of Oracle OpenOffice.org installed on the remote host is prior to 3.3. It is, therefore, affected by several issues : - Issues exist relating to PowerPoint document processing that may lead to arbitrary code execution. (CVE-2010-2935, CVE-2010-2936) - A directory traversal vulnerability exists in zip / jar package extraction. (CVE-2010-3450) - Issues exist relating to RTF document processing that may lead to arbitrary code execution. (CVE-2010-3451, CVE-2010-3452) - Issues exist relating to Word document processing that may lead to arbitrary code execution. (CVE-2010-3453, CVE-2010-3454) - Issues exist in the third-party XPDF library relating to PDF document processing that may allow arbitrary code execution. (CVE-2010-3702, CVE-2010-3704) - OpenOffice.org includes a version of LIBXML2 that is affected by multiple vulnerabilities. (CVE-2010-4008, CVE-2010-4494) - An issue exists with PNG file processing that may allow arbitrary code execution. (CVE-2010-4253) - An issue exists with TGA file processing that may allow arbitrary code execution. (CVE-2010-4643) last seen 2020-06-01 modified 2020-06-02 plugin id 51773 published 2011-01-27 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51773 title Oracle OpenOffice.org < 3.3 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(51773); script_version("1.19"); script_cvs_date("Date: 2018/11/15 20:50:27"); script_cve_id( "CVE-2010-2935", "CVE-2010-2936", "CVE-2010-3450", "CVE-2010-3451", "CVE-2010-3452", "CVE-2010-3453", "CVE-2010-3454", "CVE-2010-3702", "CVE-2010-3704", "CVE-2010-4008", "CVE-2010-4253", "CVE-2010-4494", "CVE-2010-4643" ); script_bugtraq_id(42202, 44779, 45617, 46031); script_xref(name:"Secunia", value:"40775"); script_name(english:"Oracle OpenOffice.org < 3.3 Multiple Vulnerabilities"); script_summary(english:"Checks the version of OpenOffice.org."); script_set_attribute( attribute:"synopsis", value: "The remote Windows host has a program affected by multiple vulnerabilities." ); script_set_attribute( attribute:"description", value: "The version of Oracle OpenOffice.org installed on the remote host is prior to 3.3. It is, therefore, affected by several issues : - Issues exist relating to PowerPoint document processing that may lead to arbitrary code execution. (CVE-2010-2935, CVE-2010-2936) - A directory traversal vulnerability exists in zip / jar package extraction. (CVE-2010-3450) - Issues exist relating to RTF document processing that may lead to arbitrary code execution. (CVE-2010-3451, CVE-2010-3452) - Issues exist relating to Word document processing that may lead to arbitrary code execution. (CVE-2010-3453, CVE-2010-3454) - Issues exist in the third-party XPDF library relating to PDF document processing that may allow arbitrary code execution. (CVE-2010-3702, CVE-2010-3704) - OpenOffice.org includes a version of LIBXML2 that is affected by multiple vulnerabilities. (CVE-2010-4008, CVE-2010-4494) - An issue exists with PNG file processing that may allow arbitrary code execution. (CVE-2010-4253) - An issue exists with TGA file processing that may allow arbitrary code execution. (CVE-2010-4643)"); script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2011/Jan/487"); script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html"); script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-3450.html"); script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html"); script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-3453_CVE-2010-3454.html"); script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html"); script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html"); script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-4253.html"); script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-4643.html"); script_set_attribute(attribute:"solution", value:"Upgrade to Oracle OpenOffice.org version 3.3 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date",value:"2011/01/26"); script_set_attribute(attribute:"patch_publication_date",value:"2011/01/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/27"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:openoffice.org"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc."); script_dependencies("openoffice_installed.nasl"); script_require_keys("SMB/OpenOffice/Build"); exit(0); } build = get_kb_item("SMB/OpenOffice/Build"); if (build) { matches = eregmatch(string:build, pattern:"([0-9]+[a-z][0-9]+)\(Build:([0-9]+)\)"); if (!isnull(matches)) { buildid = int(matches[2]); if (buildid < 9567) security_hole(get_kb_item("SMB/transport")); else exit(0,"Build " + buildid + " is not affected."); } else exit(1, "Failed to extract the build number from '"+build+"'."); } else exit(1, "The 'SMB/OpenOffice/Build' KB item is missing.");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2151.NASL description Several security related problems have been discovered in the OpenOffice.org package that allows malformed documents to trick the system into crashes or even the execution of arbitrary code. - CVE-2010-3450 During an internal security audit within Red Hat, a directory traversal vulnerability has been discovered in the way OpenOffice.org 3.1.1 through 3.2.1 processes XML filter files. If a local user is tricked into opening a specially crafted OOo XML filters package file, this problem could allow remote attackers to create or overwrite arbitrary files belonging to local user or, potentially, execute arbitrary code. - CVE-2010-3451 During his work as a consultant at Virtual Security Research (VSR), Dan Rosenberg discovered a vulnerability in OpenOffice.org last seen 2020-03-17 modified 2011-01-27 plugin id 51677 published 2011-01-27 reporter This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51677 title Debian DSA-2151-1 : openoffice.org - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2151. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(51677); script_version("1.18"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2010-3450", "CVE-2010-3451", "CVE-2010-3452", "CVE-2010-3453", "CVE-2010-3454", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-4643"); script_xref(name:"DSA", value:"2151"); script_name(english:"Debian DSA-2151-1 : openoffice.org - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several security related problems have been discovered in the OpenOffice.org package that allows malformed documents to trick the system into crashes or even the execution of arbitrary code. - CVE-2010-3450 During an internal security audit within Red Hat, a directory traversal vulnerability has been discovered in the way OpenOffice.org 3.1.1 through 3.2.1 processes XML filter files. If a local user is tricked into opening a specially crafted OOo XML filters package file, this problem could allow remote attackers to create or overwrite arbitrary files belonging to local user or, potentially, execute arbitrary code. - CVE-2010-3451 During his work as a consultant at Virtual Security Research (VSR), Dan Rosenberg discovered a vulnerability in OpenOffice.org's RTF parsing functionality. Opening a maliciously crafted RTF document can cause an out-of-bounds memory read into previously allocated heap memory, which may lead to the execution of arbitrary code. - CVE-2010-3452 Dan Rosenberg discovered a vulnerability in the RTF file parser which can be leveraged by attackers to achieve arbitrary code execution by convincing a victim to open a maliciously crafted RTF file. - CVE-2010-3453 As part of his work with Virtual Security Research, Dan Rosenberg discovered a vulnerability in the WW8ListManager::WW8ListManager() function of OpenOffice.org that allows a maliciously crafted file to cause the execution of arbitrary code. - CVE-2010-3454 As part of his work with Virtual Security Research, Dan Rosenberg discovered a vulnerability in the WW8DopTypography::ReadFromMem() function in OpenOffice.org that may be exploited by a maliciously crafted file which allows an attacker to control program flow and potentially execute arbitrary code. - CVE-2010-3689 Dmitri Gribenko discovered that the soffice script does not treat an empty LD_LIBRARY_PATH variable like an unset one, which may lead to the execution of arbitrary code. - CVE-2010-4253 A heap based buffer overflow has been discovered with unknown impact. - CVE-2010-4643 A vulnerability has been discovered in the way OpenOffice.org handles TGA graphics which can be tricked by a specially crafted TGA file that could cause the program to crash due to a heap-based buffer overflow with unknown impact." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2010-3450" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2010-3451" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2010-3452" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2010-3453" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2010-3454" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2010-3689" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2010-4253" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2010-4643" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2011/dsa-2151" ); script_set_attribute( attribute:"solution", value: "Upgrade the OpenOffice.org packages. For the stable distribution (lenny) these problems have been fixed in version 2.4.1+dfsg-1+lenny11. For the upcoming stable distribution (squeeze) these problems have been fixed in version 3.2.1-11+squeeze1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openoffice.org"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0"); script_set_attribute(attribute:"patch_publication_date", value:"2011/01/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"5.0", prefix:"openoffice.org", reference:"2.4.1+dfsg-1+lenny11")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201408-19.NASL description The remote host is affected by the vulnerability described in GLSA-201408-19 (OpenOffice, LibreOffice: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenOffice and Libreoffice. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted file using OpenOffice, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition, execution of arbitrary Python code, authentication bypass, or reading and writing of arbitrary files. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 77467 published 2014-09-01 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77467 title GLSA-201408-19 : OpenOffice, LibreOffice: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201408-19. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(77467); script_version("1.10"); script_cvs_date("Date: 2019/08/12 17:35:38"); script_cve_id("CVE-2006-4339", "CVE-2009-0200", "CVE-2009-0201", "CVE-2009-0217", "CVE-2009-2949", "CVE-2009-2950", "CVE-2009-3301", "CVE-2009-3302", "CVE-2010-0395", "CVE-2010-2935", "CVE-2010-2936", "CVE-2010-3450", "CVE-2010-3451", "CVE-2010-3452", "CVE-2010-3453", "CVE-2010-3454", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-4643", "CVE-2011-2713", "CVE-2012-0037", "CVE-2012-1149", "CVE-2012-2149", "CVE-2012-2334", "CVE-2012-2665", "CVE-2014-0247"); script_bugtraq_id(35671, 36200, 38218, 40599, 42202, 46031, 49969, 52681, 53570, 54769, 68151); script_xref(name:"GLSA", value:"201408-19"); script_name(english:"GLSA-201408-19 : OpenOffice, LibreOffice: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201408-19 (OpenOffice, LibreOffice: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenOffice and Libreoffice. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted file using OpenOffice, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition, execution of arbitrary Python code, authentication bypass, or reading and writing of arbitrary files. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201408-19" ); script_set_attribute( attribute:"solution", value: "All OpenOffice (binary) users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-office/openoffice-bin-3.5.5.3' All LibreOffice users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-office/libreoffice-4.2.5.2' All LibreOffice (binary) users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-office/libreoffice-bin-4.2.5.2' We recommend that users unmerge OpenOffice: # emerge --unmerge 'app-office/openoffice'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(94, 119, 189, 310); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libreoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libreoffice-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openoffice-bin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/05"); script_set_attribute(attribute:"patch_publication_date", value:"2014/08/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-office/libreoffice", unaffected:make_list("ge 4.2.5.2"), vulnerable:make_list("lt 4.2.5.2"))) flag++; if (qpkg_check(package:"app-office/libreoffice-bin", unaffected:make_list("ge 4.2.5.2"), vulnerable:make_list("lt 4.2.5.2"))) flag++; if (qpkg_check(package:"app-office/openoffice-bin", unaffected:make_list("ge 3.5.5.3"), vulnerable:make_list("lt 3.5.5.3"))) flag++; if (qpkg_check(package:"app-office/openoffice", unaffected:make_list(), vulnerable:make_list("le 3.5.5.3"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenOffice / LibreOffice"); }NASL family Fedora Local Security Checks NASL id FEDORA_2011-0837.NASL description - Thu Jan 27 2011 Caolan McNamara <caolanm at redhat.com>- 1:3.2.0-12.35 - CVE-2010-3450 Extensions and filter package files - CVE-2010-3451 / CVE-2010-3452 RTF documents - CVE-2010-3453 / CVE-2010-3454 Word documents - CVE-2010-3689 LD_LIBRARY_PATH usage - CVE-2010-4253 PNG graphics - CVE-2010-4643 TGA graphics - Resolves: rhbz#648475 Crash in scanner dialog - Resolves: rhbz#657628 divide-by-zero - Resolves: rhbz#657718 Crash in SwObjectFormatterTxtFrm - Resolves: rhbz#660312 SDK setup script creates invalid variables (dtardon) - Resolves: rhbz#663780 extend neon mutex locking - Resoves: rhbz#577525 [abrt] crash in ImplRegionBase::~ImplRegionBase (dtardon) - Tue Oct 26 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.34 - Resolves: rhbz#636521 crash in undo in sc - Resolves: rhbz#641637 [abrt] [presentation-minimizer] crash in OptimizationStats::GetStatusValue (dtardon) - make LD_PRELOAD of libsalalloc_malloc.so work again (dtardon) - Resolves: rhbz#642996 [abrt] CffSubsetterContext::readDictOp (dtardon) - Fri Oct 15 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.33 - Resolves: rhbz#637838 Cropped pictures are displayed in entirety in handouts (dtardon) - Tue Oct 12 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.32 - Resolves: rhbz#568277 workaround to avoid the crash (dtardon) - Resolves: rhbz#631543 [abrt] crash on dereferencing dangling pointer passed down from SwCalc::Str2Double (dtardon) - Resolves: rhbz#631823 Line and Filling toolbar glitch on theme change (caolanm) - Resolves: rhbz#637738 threading problems with using libgcrypt via neon when libgcrypt which was initialized by cups to be non-thread safe (caolanm) - Resolves: rhbz#632326 [abrt] [docx] _Construct<long, long> crash (dtardon) - Fri Aug 13 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.31 - Resolves: rhbz#623800 gnome-shell/mutter focus problems - Thu Aug 12 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.30 - Resolves: rhbz#623609 CVE-2010-2935 CVE-2010-2936 - Mon Aug 9 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.29 - Resolves: rhbz#601621 avoid using mmap for copying files - Sun Aug 8 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.28 - Resolves: rhbz#621248 32bit events in forms on 64bit - Resolves rhbz#618047 Brackets incorrectly render in presentations (dtardon) - Wed Aug 4 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.27 - Resolves: rhbz#608114 cppu-lifecycle issues (caolanm) - Resolves: rhbz#566831 [abrt] crash in GetFrmSize (dtardon) - Resolves: rhbz#613278 [abrt] crash in SANE shutdown (caolanm) - Resolves: rhbz#620390 [abrt] crash in SfxViewFrame::GetFrame (dtardon) - Mon Jun 21 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.26 [plus 34 lines in the Changelog] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 52004 published 2011-02-17 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52004 title Fedora 13 : openoffice.org-3.2.0-12.35.fc13 (2011-0837) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2011-0837. # include("compat.inc"); if (description) { script_id(52004); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:33"); script_cve_id("CVE-2010-3450", "CVE-2010-3451", "CVE-2010-3452", "CVE-2010-3453", "CVE-2010-3454", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-4643"); script_bugtraq_id(46031); script_xref(name:"FEDORA", value:"2011-0837"); script_name(english:"Fedora 13 : openoffice.org-3.2.0-12.35.fc13 (2011-0837)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Thu Jan 27 2011 Caolan McNamara <caolanm at redhat.com>- 1:3.2.0-12.35 - CVE-2010-3450 Extensions and filter package files - CVE-2010-3451 / CVE-2010-3452 RTF documents - CVE-2010-3453 / CVE-2010-3454 Word documents - CVE-2010-3689 LD_LIBRARY_PATH usage - CVE-2010-4253 PNG graphics - CVE-2010-4643 TGA graphics - Resolves: rhbz#648475 Crash in scanner dialog - Resolves: rhbz#657628 divide-by-zero - Resolves: rhbz#657718 Crash in SwObjectFormatterTxtFrm - Resolves: rhbz#660312 SDK setup script creates invalid variables (dtardon) - Resolves: rhbz#663780 extend neon mutex locking - Resoves: rhbz#577525 [abrt] crash in ImplRegionBase::~ImplRegionBase (dtardon) - Tue Oct 26 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.34 - Resolves: rhbz#636521 crash in undo in sc - Resolves: rhbz#641637 [abrt] [presentation-minimizer] crash in OptimizationStats::GetStatusValue (dtardon) - make LD_PRELOAD of libsalalloc_malloc.so work again (dtardon) - Resolves: rhbz#642996 [abrt] CffSubsetterContext::readDictOp (dtardon) - Fri Oct 15 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.33 - Resolves: rhbz#637838 Cropped pictures are displayed in entirety in handouts (dtardon) - Tue Oct 12 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.32 - Resolves: rhbz#568277 workaround to avoid the crash (dtardon) - Resolves: rhbz#631543 [abrt] crash on dereferencing dangling pointer passed down from SwCalc::Str2Double (dtardon) - Resolves: rhbz#631823 Line and Filling toolbar glitch on theme change (caolanm) - Resolves: rhbz#637738 threading problems with using libgcrypt via neon when libgcrypt which was initialized by cups to be non-thread safe (caolanm) - Resolves: rhbz#632326 [abrt] [docx] _Construct<long, long> crash (dtardon) - Fri Aug 13 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.31 - Resolves: rhbz#623800 gnome-shell/mutter focus problems - Thu Aug 12 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.30 - Resolves: rhbz#623609 CVE-2010-2935 CVE-2010-2936 - Mon Aug 9 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.29 - Resolves: rhbz#601621 avoid using mmap for copying files - Sun Aug 8 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.28 - Resolves: rhbz#621248 32bit events in forms on 64bit - Resolves rhbz#618047 Brackets incorrectly render in presentations (dtardon) - Wed Aug 4 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.27 - Resolves: rhbz#608114 cppu-lifecycle issues (caolanm) - Resolves: rhbz#566831 [abrt] crash in GetFrmSize (dtardon) - Resolves: rhbz#613278 [abrt] crash in SANE shutdown (caolanm) - Resolves: rhbz#620390 [abrt] crash in SfxViewFrame::GetFrame (dtardon) - Mon Jun 21 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.26 [plus 34 lines in the Changelog] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=602324" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=640241" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=640950" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=640954" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=641224" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=641282" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=658259" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=667588" ); # https://lists.fedoraproject.org/pipermail/package-announce/2011-February/054137.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?fc0856df" ); script_set_attribute( attribute:"solution", value:"Update the affected openoffice.org package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openoffice.org"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/28"); script_set_attribute(attribute:"patch_publication_date", value:"2011/01/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/02/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC13", reference:"openoffice.org-3.2.0-12.35.fc13")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openoffice.org"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1056-1.NASL description Charlie Miller discovered several heap overflows in PPT processing. If a user or automated system were tricked into opening a specially crafted PPT document, a remote attacker could execute arbitrary code with user privileges. Ubuntu 10.10 was not affected. (CVE-2010-2935, CVE-2010-2936) Marc Schoenefeld discovered that directory traversal was not correctly handled in XSLT, OXT, JAR, or ZIP files. If a user or automated system were tricked into opening a specially crafted document, a remote attacker overwrite arbitrary files, possibly leading to arbitrary code execution with user privileges. (CVE-2010-3450) Dan Rosenberg discovered multiple heap overflows in RTF and DOC processing. If a user or automated system were tricked into opening a specially crafted RTF or DOC document, a remote attacker could execute arbitrary code with user privileges. (CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454) Dmitri Gribenko discovered that OpenOffice.org did not correctly handle LD_LIBRARY_PATH in various tools. If a local attacker tricked a user or automated system into using OpenOffice.org from an attacker-controlled directory, they could execute arbitrary code with user privileges. (CVE-2010-3689) Marc Schoenefeld discovered that OpenOffice.org did not correctly process PNG images. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges. (CVE-2010-4253) It was discovered that OpenOffice.org did not correctly process TGA images. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges. (CVE-2010-4643). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 51858 published 2011-02-03 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51858 title Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : openoffice.org vulnerabilities (USN-1056-1) NASL family SuSE Local Security Checks NASL id SUSE_11_2_OPENOFFICE_ORG-110330.NASL description Maintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. The previous OpenOffice_org packages are also renamed to libreoffice. LibreOffice is continuation of the OpenOffice.org project. This update replaces the OpenOffice.org installation, including helper packages, e.g. dictionaries, templates. The new stuff is backward compatible. - fixed security bugs : - PowerPoint document processing (CVE-2010-2935, CVE-2010-2936) - extensions and filter package files (CVE-2010-3450) - RTF document processing (CVE-2010-3451, CVE-2010-3452) - Word document processing (CVE-2010-3453, CVE-2010-3454) - insecure LD_LIBRARY_PATH usage (CVE-2010-3689) - PDF Import extension resulting from 3rd party library XPD (CVE-2010-3702, CVE-2010-3704) - PNG file processing (CVE-2010-4253) - TGA file processing (CVE-2010-4643) - most important changes : - maintenance update (bnc#667421, MaintenanceTracker-38738) - enabled KDE3 support (bnc#678998) - libreoffice-3.3.1.2 == 3.3.1-rc2 == final - fixed audio/video playback in presentation (deb#612940, bnc#651250) - fixed non-working input methods in KDE4 (bnc#665112) - fixed occasional blank first slide (fdo#34533) - fixed cairo canvas edge count calculation (bnc#647959) - updated to libreoffice-3.3.1.2 (3.3.1-rc2) : - l10n - updated some translations - libs-core - crashing oosplash and malformed picture (bnc#652562) - Byref and declare Basic statement (fdo#33964, i#115716) - fixed BorderLine(2) conversion to SvxBorderLine (fdo#34226) - libs-gui - getEnglishSearchFontName() searches Takao fonts - sdk - fix ODK settings.mk to only set STLPORTLIB if needed - writer - rtfExport::HackIsWW8OrHigher(): return true (fdo#33478) - visual editor destroys formulas containing symbols (fdo#32759, fdo#32755) - enabled KDE4 support for SLED11; LO-3.3.1 fixed the remaining annoying bugs - fixed EMF+ import (bnc#650049) - updated to libreoffice-3.3.1.1 (3.3.1-rc1) : - artwork - new MIME type icons for LibreOffice - bootstrap - wrong line break with ( (fdo#31271) - build - default formula string (n#664516) - don last seen 2020-06-01 modified 2020-06-02 plugin id 53784 published 2011-05-05 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53784 title openSUSE Security Update : OpenOffice_org (openSUSE-SU-2011:0337-1) NASL family SuSE Local Security Checks NASL id SUSE_11_3_OPENOFFICE_ORG-110330.NASL description Maintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. The previous OpenOffice_org packages are also renamed to libreoffice. LibreOffice is continuation of the OpenOffice.org project. This update replaces the OpenOffice.org installation, including helper packages, e.g. dictionaries, templates. The new stuff is backward compatible. - fixed security bugs : - PowerPoint document processing (CVE-2010-2935, CVE-2010-2936) - extensions and filter package files (CVE-2010-3450) - RTF document processing (CVE-2010-3451, CVE-2010-3452) - Word document processing (CVE-2010-3453, CVE-2010-3454) - insecure LD_LIBRARY_PATH usage (CVE-2010-3689) - PDF Import extension resulting from 3rd party library XPD (CVE-2010-3702, CVE-2010-3704) - PNG file processing (CVE-2010-4253) - TGA file processing (CVE-2010-4643) - most important changes : - add conflicts to force migration to libreoffice - obsolete Quickstarter - enabled KDE3 support (bnc#678998) - libreoffice-3.3.1.2 == 3.3.1-rc2 == final - fixed audio/video playback in presentation (deb#612940, bnc#651250) - fixed non-working input methods in KDE4 (bnc#665112) - fixed occasional blank first slide (fdo#34533) - fixed cairo canvas edge count calculation (bnc#647959) - updated to libreoffice-3.3.1.2 (3.3.1-rc2) : - l10n - updated some translations - libs-core - crashing oosplash and malformed picture (bnc#652562) - Byref and declare Basic statement (fdo#33964, i#115716) - fixed BorderLine(2) conversion to SvxBorderLine (fdo#34226) - libs-gui - getEnglishSearchFontName() searches Takao fonts - sdk - fix ODK settings.mk to only set STLPORTLIB if needed - writer - rtfExport::HackIsWW8OrHigher(): return true (fdo#33478) - visual editor destroys formulas containing symbols (fdo#32759, fdo#32755) - enabled KDE4 support for SLED11; LO-3.3.1 fixed the remaining annoying bugs - fixed EMF+ import (bnc#650049) - updated to libreoffice-3.3.1.1 (3.3.1-rc1) : - artwork - new MIME type icons for LibreOffice - bootstrap - wrong line break with ( (fdo#31271) - build - default formula string (n#664516) - don last seen 2020-06-01 modified 2020-06-02 plugin id 75687 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75687 title openSUSE Security Update : OpenOffice_org (openSUSE-SU-2011:0336-1) NASL family Scientific Linux Local Security Checks NASL id SL_20110128_OPENOFFICE_ORG_ON_SL6_X.NASL description An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4253) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) A flaw was found in the script that launches OpenOffice.org. In some situations, a last seen 2020-06-01 modified 2020-06-02 plugin id 60947 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60947 title Scientific Linux Security Update : openoffice.org on SL6.x i386/x86_64 NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2011-0182.NASL description Updated openoffice.org packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4253) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) A flaw was found in the script that launches OpenOffice.org. In some situations, a last seen 2020-06-01 modified 2020-06-02 plugin id 53831 published 2011-05-09 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53831 title CentOS 5 : openoffice.org (CESA-2011:0182) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-027.NASL description Multiple vulnerabilities were discovered and corrected in OpenOffice.org : Multiple directory traversal vulnerabilities allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in an XSLT JAR filter description file, an Extension (aka OXT) file, or unspecified other JAR or ZIP files (CVE-2010-3450). Use-after-free vulnerability in oowriter allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in an RTF document (CVE-2010-3451). Use-after-free vulnerability in oowriter allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document (CVE-2010-3452). The WW8ListManager::WW8ListManager function in oowriter does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write (CVE-2010-3453). Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write (CVE-2010-3454). soffice places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory (CVE-2010-3689). Heap-based buffer overflow in Impress allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document (CVE-2010-4253). Heap-based buffer overflow in Impress allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TGA file in an ODF or Microsoft Office document (CVE-2010-4643). OpenOffice.org packages have been updated in order to fix these issues. Additionally openoffice.org-voikko packages that require OpenOffice.org are also being provided and voikko package is upgraded from 2.0 to 2.2.1 version in MES5.1. last seen 2020-06-01 modified 2020-06-02 plugin id 51982 published 2011-02-15 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51982 title Mandriva Linux Security Advisory : openoffice.org (MDVSA-2011:027) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0182.NASL description Updated openoffice.org packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4253) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) A flaw was found in the script that launches OpenOffice.org. In some situations, a last seen 2020-06-01 modified 2020-06-02 plugin id 51826 published 2011-01-31 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51826 title RHEL 5 : openoffice.org (RHSA-2011:0182) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-0183.NASL description From Red Hat Security Advisory 2011:0183 : Updated openoffice.org packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4253) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) A flaw was found in the script that launches OpenOffice.org. In some situations, a last seen 2020-06-01 modified 2020-06-02 plugin id 68190 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68190 title Oracle Linux 6 : openoffice.org (ELSA-2011-0183) NASL family Scientific Linux Local Security Checks NASL id SL_20110128_OPENOFFICE_ORG_ON_SL5_X.NASL description An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4253) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) A flaw was found in the script that launches OpenOffice.org. In some situations, a last seen 2020-06-01 modified 2020-06-02 plugin id 60946 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60946 title Scientific Linux Security Update : openoffice.org on SL5.x i386/x86_64 NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2011-0181.NASL description Updated openoffice.org and openoffice.org2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) Red Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and CVE-2010-3454 issues. All OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 51887 published 2011-02-06 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51887 title CentOS 4 : openoffice.org / openoffice.org2 (CESA-2011:0181) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBREOFFICE331-110318.NASL description Maintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. The previous OpenOffice_org packages are also renamed to libreoffice. LibreOffice is continuation of the OpenOffice.org project. This update replaces the OpenOffice.org installation, including helper packages, e.g. dictionaries, templates. The new stuff is backward compatible. List of LibreOffice-3.3 features : General - online help - common search toolbar - new easier last seen 2020-06-01 modified 2020-06-02 plugin id 52735 published 2011-03-21 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52735 title SuSE 11.1 Security Update : Libreoffice (SAT Patch Number 4082) NASL family SuSE Local Security Checks NASL id SUSE_LIBREOFFICE331-7365.NASL description Maintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. LibreOffice is continuation of the OpenOffice.org project. This update replaces the OpenOffice.org installation, including helper packages, e.g. dictionaries, templates. The new stuff is backward compatible. List of LibreOffice-3.3 features : General - online help - common search toolbar - new easier last seen 2020-06-01 modified 2020-06-02 plugin id 52738 published 2011-03-21 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52738 title SuSE 10 Security Update : Libreoffice (ZYPP Patch Number 7365) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-0181.NASL description From Red Hat Security Advisory 2011:0181 : Updated openoffice.org and openoffice.org2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) Red Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and CVE-2010-3454 issues. All OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68189 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68189 title Oracle Linux 4 : openoffice.org (ELSA-2011-0181) NASL family Scientific Linux Local Security Checks NASL id SL_20110128_OPENOFFICE_ORG_AND_OPENOFFICE_ORG2_ON_SL4_X.NASL description An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) All running instances of OpenOffice.org applications must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60945 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60945 title Scientific Linux Security Update : openoffice.org and openoffice.org2 on SL4.x i386/x86_64 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0183.NASL description Updated openoffice.org packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4253) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) A flaw was found in the script that launches OpenOffice.org. In some situations, a last seen 2020-06-01 modified 2020-06-02 plugin id 51827 published 2011-01-31 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51827 title RHEL 6 : openoffice.org (RHSA-2011:0183) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0181.NASL description Updated openoffice.org and openoffice.org2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) Red Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and CVE-2010-3454 issues. All OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 51825 published 2011-01-31 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51825 title RHEL 4 : openoffice.org and openoffice.org2 (RHSA-2011:0181) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_F2B43905354511E08E810022190034C0.NASL description OpenOffice.org Security Team reports : Fixed in OpenOffice.org 3.3 - CVE-2010-2935 / CVE-2010-2936: Security Vulnerability in OpenOffice.org related to PowerPoint document processing - CVE-2010-3450: Security Vulnerability in OpenOffice.org related to Extensions and filter package files - CVE-2010-3451 / CVE-2010-3452: Security Vulnerability in OpenOffice.org related to RTF document processing - CVE-2010-3453 / CVE-2010-3454: Security Vulnerability in OpenOffice.org related to Word document processing - CVE-2010-3689: Insecure LD_LIBRARY_PATH usage in OpenOffice.org shell scripts - CVE-2010-3702 / CVE-2010-3704: Security Vulnerability in OpenOffice.org last seen 2020-06-01 modified 2020-06-02 plugin id 51966 published 2011-02-14 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51966 title FreeBSD : openoffice.org -- Multiple vulnerabilities (f2b43905-3545-11e0-8e81-0022190034c0)
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- http://secunia.com/advisories/43065
- http://www.vupen.com/english/advisories/2011/0232
- http://www.securityfocus.com/bid/46031
- http://www.vupen.com/english/advisories/2011/0230
- https://bugzilla.redhat.com/show_bug.cgi?id=640954
- http://www.cs.brown.edu/people/drosenbe/research.html
- http://www.debian.org/security/2011/dsa-2151
- http://www.openoffice.org/security/cves/CVE-2010-3453_CVE-2010-3454.html
- http://secunia.com/advisories/42999
- http://secunia.com/advisories/43105
- http://www.redhat.com/support/errata/RHSA-2011-0182.html
- http://www.securitytracker.com/id?1025002
- http://ubuntu.com/usn/usn-1056-1
- http://www.redhat.com/support/errata/RHSA-2011-0181.html
- http://secunia.com/advisories/43118
- http://osvdb.org/70715
- http://www.vupen.com/english/advisories/2011/0279
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:027
- http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
- http://www.vsecurity.com/resources/advisory/20110126-1
- http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
- http://secunia.com/advisories/60799
- http://secunia.com/advisories/40775