Description
Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.
References (21)
Core References
http://secunia.com/advisories/40775 (Broken Link; third-party-advisory; x_refsource_secunia)
http://osvdb.org/70711 (Broken Link; vdb-entry; x_refsource_osvdb)
http://www.securityfocus.com/bid/46031 (Broken Link, Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
http://www.debian.org/security/2011/dsa-2151 (Third Party Advisory; vendor-advisory; x_refsource_debian)
http://secunia.com/advisories/60799 (Broken Link; third-party-advisory; x_refsource_secunia)
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html (Third Party Advisory; x_refsource_confirm)
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml (Third Party Advisory; vendor-advisory; x_refsource_gentoo)
http://secunia.com/advisories/43118 (Broken Link; third-party-advisory; x_refsource_secunia)
http://secunia.com/advisories/43065 (Broken Link; third-party-advisory; x_refsource_secunia)
http://www.vupen.com/english/advisories/2011/0230 (Broken Link; vdb-entry; x_refsource_vupen)
http://www.securitytracker.com/id?1025002 (Broken Link, Third Party Advisory, VDB Entry; vdb-entry; x_refsource_sectrack)
http://www.vupen.com/english/advisories/2011/0232 (Broken Link; vdb-entry; x_refsource_vupen)
http://www.redhat.com/support/errata/RHSA-2011-0182.html (Broken Link; vendor-advisory; x_refsource_redhat)
http://ubuntu.com/usn/usn-1056-1 (Third Party Advisory; vendor-advisory; x_refsource_ubuntu)
http://www.redhat.com/support/errata/RHSA-2011-0181.html (Broken Link; vendor-advisory; x_refsource_redhat)
http://www.vupen.com/english/advisories/2011/0279 (Broken Link; vdb-entry; x_refsource_vupen)
http://www.openoffice.org/security/cves/CVE-2010-3450.html (Vendor Advisory; x_refsource_confirm)
http://secunia.com/advisories/43105 (Broken Link; third-party-advisory; x_refsource_secunia)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 (Broken Link; vendor-advisory; x_refsource_mandriva)
https://bugzilla.redhat.com/show_bug.cgi?id=602324 (Issue Tracking, Patch, Third Party Advisory; x_refsource_confirm)
http://secunia.com/advisories/42999 (Broken Link; third-party-advisory; x_refsource_secunia)
Scores
EPSS: 0.1073
EPSS Percentile: 95.3%
Details
CWE: CWE-22
Status: published
Products (7)
apache/openoffice: 2.0.0 - 3.3.0
canonical/ubuntu_linux: 8.04
canonical/ubuntu_linux: 9.10
canonical/ubuntu_linux: 10.04
canonical/ubuntu_linux: 10.10
debian/debian_linux: 5.0
debian/debian_linux: 6.0
Published: Jan 28, 2011
Tracked Since: Feb 18, 2026