Vulnerability Details : CVE-2010-2935
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."
Vulnerability category: OverflowExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-2935
Probability of exploitation activity in the next 30 days: 12.75%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-2935
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2010-2935
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2935
-
http://www.vupen.com/english/advisories/2011/0230
Webmail | OVH- OVH
-
http://www.vupen.com/english/advisories/2010/2905
Webmail | OVH- OVH
-
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:024
-
http://securityevaluators.com/files/papers/CrashAnalysis.pdf
404 Not Found
-
http://www.redhat.com/support/errata/RHSA-2010-0643.html
Support
-
http://www.debian.org/security/2010/dsa-2099
Debian -- Security Information -- DSA-2099-1 openoffice.org
-
http://www.vupen.com/english/advisories/2010/2003
Webmail | OVH- OVHVendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=622529
622529 – (CVE-2010-2935) CVE-2010-2935 OpenOffice.Org: Integer truncation error by parsing specially-crafted Microsoft PowerPoint document
-
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:019
-
http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690
OpenOffice.org Mailing List Archives
-
http://www.vupen.com/english/advisories/2010/2149
Webmail | OVH- OVHVendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:221
mandriva.com
-
http://www.openwall.com/lists/oss-security/2010/08/11/4
oss-security - Re: CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow
-
http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html
CVE-2010-2935
-
http://ubuntu.com/usn/usn-1056-1
USN-1056-1: OpenOffice.org vulnerabilities | Ubuntu security notices
-
http://www.openwall.com/lists/oss-security/2010/08/11/1
oss-security - CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow
-
http://www.vupen.com/english/advisories/2011/0279
Webmail | OVH- OVH
-
http://www.securitytracker.com/id?1024352
OpenOffice.org Impress Buffer Overflows Let Remote Users Execute Arbitrary Code - SecurityTracker
-
http://www.vupen.com/english/advisories/2011/0150
Webmail | OVH- OVH
-
http://www.securitytracker.com/id?1024976
OpenOffice Bugs in Processing PowerPoint Files Let Remote Users Execute Arbitrary Code - SecurityTracker
-
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
Oracle Critical Patch Update - January 2011
-
http://www.vupen.com/english/advisories/2010/2228
Webmail | OVH- OVH
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12063
Repository / Oval Repository
-
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
OpenOffice, LibreOffice: Multiple vulnerabilities (GLSA 201408-19) — Gentoo security
Products affected by CVE-2010-2935
- cpe:2.3:a:openoffice:openoffice.org:3.2.1:*:*:*:*:*:*:*