Lucene search

[email protected]CVE-2010-2936

HistoryAug 25, 2010 - 8:00 p.m.

CVE-2010-2936

2010-08-2520:00:17

CWE-189

[email protected]

web.nvd.nist.gov

cve-2010-2936

integer overflow

openoffice.org

denial of service

arbitrary code execution

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

High

0.149 Low

EPSS

Percentile

95.9%

JSON

Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow.

Affected configurations

NVD

Node

openofficeopenoffice.orgMatch3.2.1

AND

microsoftwindows

CPENameOperatorVersion
openoffice:openoffice.orgopenoffice openoffice.orgeq3.2.1

CPE	Name	Operator	Version
openoffice:openoffice.org	openoffice openoffice.org	eq	3.2.1

References

lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

secunia.com/advisories/40775

secunia.com/advisories/41052

secunia.com/advisories/41235

secunia.com/advisories/42927

secunia.com/advisories/43105

secunia.com/advisories/60799

securityevaluators.com/files/papers/CrashAnalysis.pdf

ubuntu.com/usn/usn-1056-1

www.debian.org/security/2010/dsa-2099

www.gentoo.org/security/en/glsa/glsa-201408-19.xml

www.mandriva.com/security/advisories?name=MDVSA-2010:221

www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html

www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690

www.openwall.com/lists/oss-security/2010/08/11/1

www.openwall.com/lists/oss-security/2010/08/11/4

www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

www.redhat.com/support/errata/RHSA-2010-0643.html

www.securitytracker.com/id?1024352

www.securitytracker.com/id?1024976

www.vupen.com/english/advisories/2010/2003

www.vupen.com/english/advisories/2010/2149

www.vupen.com/english/advisories/2010/2228

www.vupen.com/english/advisories/2010/2905

www.vupen.com/english/advisories/2011/0150

www.vupen.com/english/advisories/2011/0230

www.vupen.com/english/advisories/2011/0279

bugzilla.redhat.com/show_bug.cgi?id=622529#c6

bugzilla.redhat.com/show_bug.cgi?id=622555

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12144

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

High

0.149 Low

EPSS

Percentile

95.9%

JSON

Related for CVE-2010-2936

nvd1 ubuntucve1 cvelist1 prion1 nessus23 openvas17 securityvulns3 debian4 oraclelinux1 kaspersky1 redhat1 centos1 ubuntu1 fedora1 freebsd1 gentoo1 oracle1