CVE-2010-4253

high

Description

Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.

References

http://osvdb.org/70717

http://secunia.com/advisories/40775

http://secunia.com/advisories/42999

http://secunia.com/advisories/43065

http://secunia.com/advisories/43105

http://secunia.com/advisories/60799

http://ubuntu.com/usn/usn-1056-1

http://www.debian.org/security/2011/dsa-2151

http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2011:027

http://www.openoffice.org/security/cves/CVE-2010-4253.html

http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

http://www.redhat.com/support/errata/RHSA-2011-0182.html

http://www.securityfocus.com/bid/46031

http://www.securitytracker.com/id?1025002

http://www.vupen.com/english/advisories/2011/0230

http://www.vupen.com/english/advisories/2011/0232

http://www.vupen.com/english/advisories/2011/0279

https://bugzilla.redhat.com/show_bug.cgi?id=658259

Details

Source: MITRE

Published: 2011-01-28

Updated: 2015-11-17

Type: CWE-119

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 107858 | Solaris 10 (x86) : 120190-23 | Nessus | Solaris Local Security Checks | high |
| 107857 | Solaris 10 (x86) : 120186-23 | Nessus | Solaris Local Security Checks | high |
| 107356 | Solaris 10 (sparc) : 120189-23 | Nessus | Solaris Local Security Checks | high |
| 107355 | Solaris 10 (sparc) : 120185-23 | Nessus | Solaris Local Security Checks | high |
| 77467 | GLSA-201408-19 : OpenOffice, LibreOffice: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 75687 | openSUSE Security Update : OpenOffice_org (openSUSE-SU-2011:0336-1) | Nessus | SuSE Local Security Checks | high |
| 68190 | Oracle Linux 6 : openoffice.org (ELSA-2011-0183) | Nessus | Oracle Linux Local Security Checks | high |
| 68189 | Oracle Linux 4 : openoffice.org (ELSA-2011-0181) | Nessus | Oracle Linux Local Security Checks | high |
| 60947 | Scientific Linux Security Update : openoffice.org on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60946 | Scientific Linux Security Update : openoffice.org on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 53831 | CentOS 5 : openoffice.org (CESA-2011:0182) | Nessus | CentOS Local Security Checks | high |
| 53784 | openSUSE Security Update : OpenOffice_org (openSUSE-SU-2011:0337-1) | Nessus | SuSE Local Security Checks | high |
| 52738 | SuSE 10 Security Update : Libreoffice (ZYPP Patch Number 7365) | Nessus | SuSE Local Security Checks | high |
| 52735 | SuSE 11.1 Security Update : Libreoffice (SAT Patch Number 4082) | Nessus | SuSE Local Security Checks | high |
| 52004 | Fedora 13 : openoffice.org-3.2.0-12.35.fc13 (2011-0837) | Nessus | Fedora Local Security Checks | high |
| 51982 | Mandriva Linux Security Advisory : openoffice.org (MDVSA-2011:027) | Nessus | Mandriva Local Security Checks | high |
| 51887 | CentOS 4 : openoffice.org / openoffice.org2 (CESA-2011:0181) | Nessus | CentOS Local Security Checks | high |
| 51858 | Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : openoffice.org vulnerabilities (USN-1056-1) | Nessus | Ubuntu Local Security Checks | high |
| 51827 | RHEL 6 : openoffice.org (RHSA-2011:0183) | Nessus | Red Hat Local Security Checks | high |
| 51826 | RHEL 5 : openoffice.org (RHSA-2011:0182) | Nessus | Red Hat Local Security Checks | high |
| 51825 | RHEL 4 : openoffice.org and openoffice.org2 (RHSA-2011:0181) | Nessus | Red Hat Local Security Checks | high |
| 5745 | OpenOffice < 3.3 Multiple Vulnerabilities | Nessus Network Monitor | Generic | high |
| 51773 | Oracle OpenOffice.org < 3.3 Multiple Vulnerabilities | Nessus | Windows | high |
| 51677 | Debian DSA-2151-1 : openoffice.org - several vulnerabilities | Nessus | Debian Local Security Checks | high |