Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2010-3453

Disclosure Date: January 28, 2011
CVE-2010-3453
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2010-3453 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3453)
BID-46031 (http://www.securityfocus.com/bid/46031)
Advisory
SECUNIA-40775 (http://secunia.com/advisories/40775)
DSA-2151 (http://www.debian.org/security/2011/dsa-2151)
SECUNIA-60799 (http://secunia.com/advisories/60799)
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
GLSA-201408-19 (http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml)
SECUNIA-43118 (http://secunia.com/advisories/43118)
SECUNIA-43065 (http://secunia.com/advisories/43065)
ADV-2011-0230 (http://www.vupen.com/english/advisories/2011/0230)
SECTRACK-1025002 (http://www.securitytracker.com/id?1025002)
http://www.openoffice.org/security/cves/CVE-2010-3453_CVE-2010-3454.html
ADV-2011-0232 (http://www.vupen.com/english/advisories/2011/0232)
https://bugzilla.redhat.com/show_bug.cgi?id=640950
http://www.redhat.com/support/errata/RHSA-2011-0182.html
USN-1056-1 (http://ubuntu.com/usn/usn-1056-1)
http://www.redhat.com/support/errata/RHSA-2011-0181.html
OSVDB-70714 (http://osvdb.org/70714)
ADV-2011-0279 (http://www.vupen.com/english/advisories/2011/0279)
SECUNIA-43105 (http://secunia.com/advisories/43105)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:027
SECUNIA-42999 (http://secunia.com/advisories/42999)
Miscellaneous
http://www.vsecurity.com/resources/advisory/20110126-1
http://www.cs.brown.edu/people/drosenbe/research.html
https://access.redhat.com/errata/RHSA-2011:0181
https://access.redhat.com/errata/RHSA-2011:0182
https://access.redhat.com/errata/RHSA-2011:0183
https://access.redhat.com/security/cve/CVE-2010-3453

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis