Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Required

Privileges Required

None

Attack Vector

Network

0

CVE-2012-0037

Disclosure Date: June 17, 2012 •

CVE-2012-0037 CVSS v3 Base Score: 6.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

6.5 Medium

Impact Score:

3.6

Exploitability Score:

2.8

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

Required

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

None

Availability (A):

None

References

Canonical

CVE-2012-0037 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0037)

BID-52681 (http://www.securityfocus.com/bid/52681)

Advisory

SECUNIA-60799 (http://secunia.com/advisories/60799)

SECUNIA-48526 (http://secunia.com/advisories/48526)

SECUNIA-48479 (http://secunia.com/advisories/48479)

GLSA-201408-19 (http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml)

GLSA-201209-05 (http://security.gentoo.org/glsa/glsa-201209-05.xml)

SECUNIA-48494 (http://secunia.com/advisories/48494)

SECTRACK-1026837 (http://www.securitytracker.com/id?1026837)

http://www.mandriva.com/security/advisories?name=MDVSA-2012:061

FEDORA-2012-4663 (http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html)

SECUNIA-48529 (http://secunia.com/advisories/48529)

OSVDB-80307 (http://www.osvdb.org/80307)

http://rhn.redhat.com/errata/RHSA-2012-0410.html

[oss-security] 20120427 Fwd: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) (http://www.openwall.com/lists/oss-security/2012/03/27/4)

http://www.mandriva.com/security/advisories?name=MDVSA-2012:062

SECUNIA-48542 (http://secunia.com/advisories/48542)

http://www.libreoffice.org/advisories/CVE-2012-0037

SECUNIA-50692 (http://secunia.com/advisories/50692)

http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6

SECUNIA-48649 (http://secunia.com/advisories/48649)

XF-openoffice-xml-info-disclosure(74235) (https://exchange.xforce.ibmcloud.com/vulnerabilities/74235)

DSA-2438 (http://www.debian.org/security/2012/dsa-2438)

http://rhn.redhat.com/errata/RHSA-2012-0411.html

SECUNIA-48493 (http://secunia.com/advisories/48493)

FEDORA-2012-4629 (http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html)

http://www.mandriva.com/security/advisories?name=MDVSA-2012:063

http://www.openoffice.org/security/cves/CVE-2012-0037.html

http://librdf.org/raptor/RELEASE.html#rel2_0_7

https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0

[openoffice-commits] 20200305 svn commit: r1874832 - in /openoffice/ooo-site/trunk/content: download/checksums.html download/globalvars.js download/test/globalvars.js security/cves/CVE-2012-0037.html security/cves/CVE-2013-1571.html (https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0@%3Ccommits.openoffice.apache.org%3E)

Miscellaneous

http://vsecurity.com/resources/advisory/20120324-1

http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/

http://vsecurity.com/resources/advisory/20120324-1/

http://www.libreoffice.org/advisories/CVE-2012-0037/

https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E

Rapid7

Technical Analysis