CVE-2010-3452: Use After Free
First published: Tue Oct 05 2010(Updated: )
An integer signedness error, leading to heap-based buffer out-ouf-bounds read was found in the way OpenOffice.org processed certain Rich Text Format (RTF) tags. If a user opened a specially-crafted RTF file in OpenOffice.org suite tool (oowriter), it could lead to denial of service (oowriter executable crash), or possibly, execute arbitrary code with the privileges of the user running OpenOffice.org Writer. References: [1] <a href="http://www.cs.brown.edu/people/drosenbe/research.html">http://www.cs.brown.edu/people/drosenbe/research.html</a> Acknowledgements: Red Hat would like to thank OpenOffice.org for reporting this issue. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache OpenOffice | >=2.0.0<3.3.0 | |
| Debian Linux | =5.0 | |
| Ubuntu | =10.10 | |
| Debian Linux | =6.0 | |
| Ubuntu | =9.10 | |
| Ubuntu | =10.04 | |
| Ubuntu | =8.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cs.brown.edu/people/drosenbe/research.html
- http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html
- https://rhn.redhat.com/errata/RHSA-2011-0181.html
- https://rhn.redhat.com/errata/RHSA-2011-0182.html
- https://rhn.redhat.com/errata/RHSA-2011-0183.html
- https://bugzilla.redhat.com/show_bug.cgi?id=640241
- http://osvdb.org/70713
- http://secunia.com/advisories/40775
- http://secunia.com/advisories/42999
- http://secunia.com/advisories/43065
- http://secunia.com/advisories/43105
- http://secunia.com/advisories/43118
- http://secunia.com/advisories/60799
- http://ubuntu.com/usn/usn-1056-1
- http://www.debian.org/security/2011/dsa-2151
- http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:027
- http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
- http://www.redhat.com/support/errata/RHSA-2011-0181.html
- http://www.redhat.com/support/errata/RHSA-2011-0182.html
- http://www.securityfocus.com/bid/46031
- http://www.securitytracker.com/id?1025002
- http://www.vsecurity.com/resources/advisory/20110126-1
- http://www.vupen.com/english/advisories/2011/0230
- http://www.vupen.com/english/advisories/2011/0232
- http://www.vupen.com/english/advisories/2011/0279
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65031
Frequently Asked Questions
What is the severity of CVE-2010-3452?
CVE-2010-3452 has a moderate severity rating due to the potential for denial of service through a crafted RTF file.
How do I fix CVE-2010-3452?
To fix CVE-2010-3452, users should update their OpenOffice.org to a version later than 3.3.0.
What software is affected by CVE-2010-3452?
CVE-2010-3452 affects versions of Apache OpenOffice between 2.0.0 and 3.3.0, as well as several versions of Debian and Ubuntu Linux.
What type of vulnerability is CVE-2010-3452?
CVE-2010-3452 is an integer signedness error resulting in a heap-based buffer out-of-bounds read.
Can CVE-2010-3452 lead to data exposure?
While CVE-2010-3452 primarily leads to denial of service, it may indirectly expose certain data upon a crash.
- collector/redhat-bugzilla
- alias/CVE-2010-3452
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apache
- canonical/apache openoffice
- version/apache openoffice/2.0.0
- vendor/debian
- canonical/debian linux
- version/debian linux/5.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/10.10
- version/debian linux/6.0
- version/ubuntu/9.10
- version/ubuntu/10.04
- version/ubuntu/8.04