CVE-2010-3450

OpenOffice.org 2.x-3.3 - Path Traversal

Description

Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.

References (21)

Core References
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40775
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/70711
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46031
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2151
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60799
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43118
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43065
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0230
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025002
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0232
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0182.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-1056-1
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0181.html
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0279
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43105
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:027
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=602324
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42999

Scores

EPSS 0.1073
EPSS Percentile 95.3%

Details

CWE
CWE-22
Status published
Products (7)
apache/openoffice 2.0.0 - 3.3.0
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 9.10
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 10.10
debian/debian_linux 5.0
debian/debian_linux 6.0
Published Jan 28, 2011
Tracked Since Feb 18, 2026