CVE-2012-0037

CVSS V2 Medium 4.3 CVSS V3 None
Description
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Overview
  • CVE ID
  • CVE-2012-0037
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2012-06-17T03:41:40
  • Last Modified Date
  • 2023-02-13T03:24:12
Weakness Enumerations
CWE URL
CWE-200 http://cwe.mitre.org/data/definitions/200.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:apache:openoffice.org:3.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:openoffice.org:3.4:beta:*:*:*:*:*:* 1 OR
cpe:2.3:a:redland:libraptor:*:*:*:*:*:*:*:* 1 OR 2.0.6
cpe:2.3:a:libreoffice:libreoffice:3.3.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:libreoffice:libreoffice:3.3.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:libreoffice:libreoffice:3.3.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:libreoffice:libreoffice:3.3.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:libreoffice:libreoffice:3.3.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:libreoffice:libreoffice:3.4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:libreoffice:libreoffice:3.4.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:libreoffice:libreoffice:3.4.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:libreoffice:libreoffice:3.4.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:libreoffice:libreoffice:3.5:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:P/I:N/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • NONE
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://www.debian.org/security/2012/dsa-2438
http://www.libreoffice.org/advisories/CVE-2012-0037/ Vendor Advisory
http://secunia.com/advisories/48493 Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-0411.html
http://rhn.redhat.com/errata/RHSA-2012-0410.html
http://www.osvdb.org/80307
http://secunia.com/advisories/48529 Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:063
http://www.openwall.com/lists/oss-security/2012/03/27/4
http://www.mandriva.com/security/advisories?name=MDVSA-2012:062
http://secunia.com/advisories/48526 Vendor Advisory
http://librdf.org/raptor/RELEASE.html#rel2_0_7
http://secunia.com/advisories/48479 Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:061
http://secunia.com/advisories/48542 Vendor Advisory
http://vsecurity.com/resources/advisory/20120324-1/
http://www.securityfocus.com/bid/52681
http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/
http://secunia.com/advisories/48494
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html
http://secunia.com/advisories/48649
http://www.securitytracker.com/id?1026837
http://security.gentoo.org/glsa/glsa-201209-05.xml
http://secunia.com/advisories/50692
https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0
http://secunia.com/advisories/60799
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
http://www.openoffice.org/security/cves/CVE-2012-0037.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/74235
https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0@%3Ccommits.openoffice.apache.org%3E
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2012-0037
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0037
History
Created Old Value New Value Data Type Notes
2022-05-10 08:51:45 Added to TrackCVE
2023-02-13 05:04:53 2023-02-13T03:24:12 CVE Modified Date updated