Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information
Name: CVE-2010-4643
First vendor Publication: 2011-01-28
Vendor: Cve
Last vendor Modification: 2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
Impact Sub Score NA Temporal Score NA
Exploitability Sub Score NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Exploit Score 8.6 Authentication None Required

Detail

Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4643

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12858
 
Oval ID: oval:org.mitre.oval:def:12858
Title: DSA-2151-1 openoffice.org -- several
Description: Several security-related problems have been discovered in the OpenOffice.org package that allow malformed documents to trick the system into crashes or even the execution of arbitrary code.
CVE-2010-3450: During an internal security audit within Red Hat, a directory traversal vulnerability has been discovered in the way OpenOffice.org 3.1.1 through 3.2.1 processes XML filter files. If a local user is tricked into opening a specially-crafted OOo XML filters package file, this problem could allow remote attackers to create or overwrite arbitrary files belonging to the local user or, potentially, execute arbitrary code.
CVE-2010-3451: During his work as a consultant at Virtual Security Research, Dan Rosenberg discovered a vulnerability in OpenOffice.org's RTF parsing functionality. Opening a maliciously crafted RTF document can cause an out-of-bounds memory read into previously allocated heap memory, which may lead to the execution of arbitrary code.
CVE-2010-3452: Dan Rosenberg discovered a vulnerability in the RTF file parser which can be leveraged by attackers to achieve arbitrary code execution by convincing a victim to open a maliciously crafted RTF file.
CVE-2010-3453: As part of his work with Virtual Security Research, Dan Rosenberg discovered a vulnerability in the WW8ListManager::WW8ListManager function of OpenOffice.org that allows a maliciously crafted file to cause the execution of arbitrary code.
CVE-2010-3454: As part of his work with Virtual Security Research, Dan Rosenberg discovered a vulnerability in the WW8DopTypography::ReadFromMem function in OpenOffice.org that may be exploited by a maliciously crafted file which allows an attacker to control program flow and potentially execute arbitrary code.
CVE-2010-3689: Dmitri Gribenko discovered that the soffice script does not treat an empty LD_LIBRARY_PATH variable like an unset one, which may lead to the execution of arbitrary code.
CVE-2010-4253: A heap-based buffer overflow has been discovered with unknown impact.
CVE-2010-4643: A vulnerability has been discovered in the way OpenOffice.org handles TGA graphics which can be tricked by a specially crafted TGA file that could cause the program to crash due to a heap-based buffer overflow with unknown impact.
Family: unix Class: patch
Reference(s): DSA-2151-1
CVE-2010-3450
CVE-2010-3451
CVE-2010-3452
CVE-2010-3453
CVE-2010-3454
CVE-2010-3689
CVE-2010-4253
CVE-2010-4643
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): openoffice.org
Definition Id: oval:org.mitre.oval:def:13739
 
Oval ID: oval:org.mitre.oval:def:13739
Title: USN-1056-1 -- openoffice.org vulnerabilities
Description: Charlie Miller discovered several heap overflows in PPT processing. If a user or automated system were tricked into opening a specially crafted PPT document, a remote attacker could execute arbitrary code with user privileges. Ubuntu 10.10 was not affected. Marc Schoenefeld discovered that directory traversal was not correctly handled in XSLT, OXT, JAR, or ZIP files. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could overwrite arbitrary files, possibly leading to arbitrary code execution with user privileges. Dan Rosenberg discovered multiple heap overflows in RTF and DOC processing. If a user or automated system were tricked into opening a specially crafted RTF or DOC document, a remote attacker could execute arbitrary code with user privileges. Dmitri Gribenko discovered that OpenOffice.org did not correctly handle LD_LIBRARY_PATH in various tools. If a local attacker tricked a user or automated system into using OpenOffice.org from an attacker-controlled directory, they could execute arbitrary code with user privileges. Marc Schoenefeld discovered that OpenOffice.org did not correctly process PNG images. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges. It was discovered that OpenOffice.org did not correctly process TGA images. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges.
Family: unix Class: patch
Reference(s): USN-1056-1
CVE-2010-2935
CVE-2010-2936
CVE-2010-3450
CVE-2010-3451
CVE-2010-3452
CVE-2010-3453
CVE-2010-3454
CVE-2010-3689
CVE-2010-4253
CVE-2010-4643
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 9.10
Ubuntu 10.04
Product(s): openoffice.org
Definition Id: oval:org.mitre.oval:def:21381
 
Oval ID: oval:org.mitre.oval:def:21381
Title: RHSA-2011:0182: openoffice.org security update (Important)
Description: Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
Family: unix Class: patch
Reference(s): RHSA-2011:0182-01
CESA-2011:0182
CVE-2010-3450
CVE-2010-3451
CVE-2010-3452
CVE-2010-3453
CVE-2010-3454
CVE-2010-3689
CVE-2010-4253
CVE-2010-4643
Version: 107
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): openoffice.org
Definition Id: oval:org.mitre.oval:def:21625
 
Oval ID: oval:org.mitre.oval:def:21625
Title: RHSA-2011:0183: openoffice.org security and bug fix update (Important)
Description: Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
Family: unix Class: patch
Reference(s): RHSA-2011:0183-01
CVE-2010-3450
CVE-2010-3451
CVE-2010-3452
CVE-2010-3453
CVE-2010-3454
CVE-2010-3689
CVE-2010-4253
CVE-2010-4643
Version: 107
Platform(s): Red Hat Enterprise Linux 6
Product(s): openoffice.org
Definition Id: oval:org.mitre.oval:def:23069
 
Oval ID: oval:org.mitre.oval:def:23069
Title: ELSA-2011:0182: openoffice.org security update (Important)
Description: Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
Family: unix Class: patch
Reference(s): ELSA-2011:0182-01
CVE-2010-3450
CVE-2010-3451
CVE-2010-3452
CVE-2010-3453
CVE-2010-3454
CVE-2010-3689
CVE-2010-4253
CVE-2010-4643
Version: 37
Platform(s): Oracle Linux 5
Product(s): openoffice.org
Definition Id: oval:org.mitre.oval:def:23509
 
Oval ID: oval:org.mitre.oval:def:23509
Title: ELSA-2011:0183: openoffice.org security and bug fix update (Important)
Description: Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
Family: unix Class: patch
Reference(s): ELSA-2011:0183-01
CVE-2010-3450
CVE-2010-3451
CVE-2010-3452
CVE-2010-3453
CVE-2010-3454
CVE-2010-3689
CVE-2010-4253
CVE-2010-4643
Version: 37
Platform(s): Oracle Linux 6
Product(s): openoffice.org
Definition Id: oval:org.mitre.oval:def:28209
 
Oval ID: oval:org.mitre.oval:def:28209
Title: DEPRECATED: ELSA-2011-0183 -- openoffice.org security and bug fix update (important)
Description:
[3.2.1-19.3.0.1.el6_0.5]
- Replaced RedHat colors with Oracle colors, OOO_VENDOR with Oracle Corp., and the filename redhat.soc with oracle.soc in specfile bug#10911
[1:3.2.1-19.6.5]
- Related: rhbz#671087 set right file permissions
[1:3.2.1-19.6.4]
- Resolves: rhbz#671087 file locks are not created with gvfs-sftp volumes with OpenOffice.org
[1:3.2.1-19.6.3]
- Resolves: rhbz#642200 openoffice.org various flaws
  - CVE-2010-4643 heap based buffer overflow when parsing TGA files
[1:3.2.1-19.6.2]
- Resolves: rhbz#642200 openoffice.org various flaws
  - CVE-2010-4253 heap based buffer overflow in PPT import
[1:3.2.1-19.6.1]
- Resolves: rhbz#642200 openoffice.org various flaws
  - CVE-2010-3450 directory traversal flaws in handling of XSLT jar filter descriptions and OXT extension files
  - CVE-2010-3451 Array index error by insecure parsing of broken rtf tables
  - CVE-2010-3452 Integer signedness error (crash) by processing certain RTF tags
  - CVE-2010-3453 Heap-based buffer overflow by processing *.doc files with WW8 list styles with specially-crafted count of list levels
  - CVE-2010-3454 Array index error by scanning document typography information of certain *.doc files
  - CVE-2010-3689 soffice insecure LD_LIBRARY_PATH setting
Family: unix Class: patch
Reference(s): ELSA-2011-0183
CVE-2010-3450
CVE-2010-3451
CVE-2010-3452
CVE-2010-3453
CVE-2010-3454
CVE-2010-3689
CVE-2010-4253
CVE-2010-4643
Version: 4
Platform(s): Oracle Linux 6
Product(s): openoffice.org

CPE : Common Platform Enumeration

Type Description Count
Application 6

OpenVAS Exploits

Date Description
2012-07-30 Name : CentOS Update for openoffice.org CESA-2011:0181 centos4 x86_64
File : nvt/gb_CESA-2011_0181_openoffice.org_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for openoffice.org-base CESA-2011:0182 centos5 x86_64
File : nvt/gb_CESA-2011_0182_openoffice.org-base_centos5_x86_64.nasl
2012-07-09 Name : RedHat Update for openoffice.org RHSA-2011:0183-01
File : nvt/gb_RHSA-2011_0183-01_openoffice.org.nasl
2011-08-09 Name : CentOS Update for openoffice.org-base CESA-2011:0182 centos5 i386
File : nvt/gb_CESA-2011_0182_openoffice.org-base_centos5_i386.nasl
2011-03-07 Name : Debian Security Advisory DSA 2151-1 (openoffice.org)
File : nvt/deb_2151_1.nasl
2011-03-05 Name : FreeBSD Ports: openoffice.org
File : nvt/freebsd_openoffice.org0.nasl
2011-02-18 Name : Fedora Update for openoffice.org FEDORA-2011-0837
File : nvt/gb_fedora_2011_0837_openoffice.org_fc13.nasl
2011-02-16 Name : Mandriva Update for openoffice.org MDVSA-2011:027 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2011_027.nasl
2011-02-11 Name : CentOS Update for openoffice.org CESA-2011:0181 centos4 i386
File : nvt/gb_CESA-2011_0181_openoffice.org_centos4_i386.nasl
2011-02-04 Name : Ubuntu Update for openoffice.org vulnerabilities USN-1056-1
File : nvt/gb_ubuntu_USN_1056_1.nasl
2011-01-31 Name : RedHat Update for openoffice.org and openoffice.org2 RHSA-2011:0181-01
File : nvt/gb_RHSA-2011_0181-01_openoffice.org_and_openoffice.org2.nasl
2010-08-30 Name : OpenOffice.org Buffer Overflow and Directory Traversal Vulnerabilities (Win)
File : nvt/secpod_openoffice_mult_vuln_win.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
70718 OpenOffice.org (OOo) Impress Crafted TGA File Handling Overflow

OpenOffice.org is prone to an overflow condition. The Impress component fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted TGA file, a context-dependent attacker can potentially execute arbitrary code.

Nessus® Vulnerability Scanner

Date Description
2014-09-01 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201408-19.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_OpenOffice_org-110330.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0183.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0181.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110128_openoffice_org_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110128_openoffice_org_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110128_openoffice_org_and_openoffice_org2_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-05-09 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0182.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_OpenOffice_org-110330.nasl - Type : ACT_GATHER_INFO
2011-03-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libreoffice331-110318.nasl - Type : ACT_GATHER_INFO
2011-03-21 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libreoffice331-7365.nasl - Type : ACT_GATHER_INFO
2011-02-17 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0837.nasl - Type : ACT_GATHER_INFO
2011-02-15 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-027.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_f2b43905354511e08e810022190034c0.nasl - Type : ACT_GATHER_INFO
2011-02-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0181.nasl - Type : ACT_GATHER_INFO
2011-02-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1056-1.nasl - Type : ACT_GATHER_INFO
2011-01-31 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0181.nasl - Type : ACT_GATHER_INFO
2011-01-31 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0182.nasl - Type : ACT_GATHER_INFO
2011-01-31 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0183.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote Windows host has a program affected by multiple vulnerabilities.
File : openoffice_33.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2151.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/46031
CONFIRM http://www.openoffice.org/security/cves/CVE-2010-4643.html
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
https://bugzilla.redhat.com/show_bug.cgi?id=667588
DEBIAN http://www.debian.org/security/2011/dsa-2151
GENTOO http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2011:027
OSVDB http://osvdb.org/70718
REDHAT http://www.redhat.com/support/errata/RHSA-2011-0181.html
http://www.redhat.com/support/errata/RHSA-2011-0182.html
SECTRACK http://www.securitytracker.com/id?1025002
SECUNIA http://secunia.com/advisories/40775
http://secunia.com/advisories/42999
http://secunia.com/advisories/43065
http://secunia.com/advisories/43105
http://secunia.com/advisories/43118
http://secunia.com/advisories/60799
UBUNTU http://ubuntu.com/usn/usn-1056-1
VUPEN http://www.vupen.com/english/advisories/2011/0230
http://www.vupen.com/english/advisories/2011/0232
http://www.vupen.com/english/advisories/2011/0279
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/65441

Alert History

Date Information
2024-02-08 12:13:32
  • Multiple Updates
2023-02-13 09:29:00
  • Multiple Updates
2023-02-02 21:28:49
  • Multiple Updates
2022-02-08 12:09:32
  • Multiple Updates
2021-05-04 12:13:11
  • Multiple Updates
2021-04-22 01:13:39
  • Multiple Updates
2020-05-23 00:27:06
  • Multiple Updates
2017-08-17 09:23:11
  • Multiple Updates
2016-06-28 18:24:46
  • Multiple Updates
2016-04-26 20:18:43
  • Multiple Updates
2015-11-17 21:23:32
  • Multiple Updates
2014-11-14 13:27:11
  • Multiple Updates
2014-10-24 13:25:54
  • Multiple Updates
2014-09-02 13:24:30
  • Multiple Updates
2014-06-14 13:29:56
  • Multiple Updates
2014-02-17 10:59:04
  • Multiple Updates
2013-05-10 23:39:06
  • Multiple Updates