CVE-2010-3450

NameCVE-2010-3450
DescriptionMultiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-2151-1
NVD severityhigh (attack range: remote)
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openoffice.org (PTS)squeeze (security), squeeze1:3.2.1-11+squeeze8fixed
wheezy1:3.4.0~ooo340m1-7fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openoffice.orgsource(unstable)1:3.2.1-11+squeeze2high
openoffice.orgsourcelenny1:2.4.1+dfsg-1+lenny11highDSA-2151-1

Search for package or bug name: Reporting problems