CVE-2010-3451: Buffer Overflow
First published: Fri Oct 08 2010(Updated: )
An array index error, leading to heap based buffer overflow, was found in the way OpenOffice.org parsed RTF files. If a user opened a specially-crafted RTF file, with broken RTF tables, in OpenOffice.org suite tool (oowriter), it could lead to denial of service (oowriter executable crash), or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org Writer. References: [1] <a href="http://www.cs.brown.edu/people/drosenbe/research.html">http://www.cs.brown.edu/people/drosenbe/research.html</a> Acknowledgements: Red Hat would like to thank OpenOffice.org for reporting this issue. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache OpenOffice | >=2.0.0<3.3.0 | |
| Debian Linux | =5.0 | |
| Ubuntu | =10.10 | |
| Debian Linux | =6.0 | |
| Ubuntu | =9.10 | |
| Ubuntu | =10.04 | |
| Ubuntu | =8.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cs.brown.edu/people/drosenbe/research.html
- http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html
- https://rhn.redhat.com/errata/RHSA-2011-0181.html
- https://rhn.redhat.com/errata/RHSA-2011-0182.html
- https://rhn.redhat.com/errata/RHSA-2011-0183.html
- https://bugzilla.redhat.com/show_bug.cgi?id=641282
- http://osvdb.org/70712
- http://secunia.com/advisories/40775
- http://secunia.com/advisories/42999
- http://secunia.com/advisories/43065
- http://secunia.com/advisories/43105
- http://secunia.com/advisories/43118
- http://secunia.com/advisories/60799
- http://ubuntu.com/usn/usn-1056-1
- http://www.debian.org/security/2011/dsa-2151
- http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:027
- http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
- http://www.redhat.com/support/errata/RHSA-2011-0181.html
- http://www.redhat.com/support/errata/RHSA-2011-0182.html
- http://www.securityfocus.com/bid/46031
- http://www.securitytracker.com/id?1025002
- http://www.vsecurity.com/resources/advisory/20110126-1
- http://www.vupen.com/english/advisories/2011/0230
- http://www.vupen.com/english/advisories/2011/0232
- http://www.vupen.com/english/advisories/2011/0279
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65030
Frequently Asked Questions
What is the severity of CVE-2010-3451?
CVE-2010-3451 is classified as a high-severity vulnerability due to its potential for causing denial of service through a crash of OpenOffice.org.
How do I fix CVE-2010-3451?
To fix CVE-2010-3451, update your OpenOffice.org version to 3.3.0 or later.
What versions of OpenOffice.org are affected by CVE-2010-3451?
CVE-2010-3451 affects all versions of OpenOffice.org from 2.0.0 up to 3.2.999.
What happens if I open a malicious RTF file related to CVE-2010-3451?
Opening a malicious RTF file with CVE-2010-3451 can cause OpenOffice.org's Writer tool (oowriter) to crash.
Which operating systems are impacted by CVE-2010-3451?
CVE-2010-3451 impacts multiple operating systems, including various versions of Debian and Ubuntu distributions.
- collector/redhat-bugzilla
- alias/CVE-2010-3451
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apache
- canonical/apache openoffice
- version/apache openoffice/2.0.0
- vendor/debian
- canonical/debian linux
- version/debian linux/5.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/10.10
- version/debian linux/6.0
- version/ubuntu/9.10
- version/ubuntu/10.04
- version/ubuntu/8.04