Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-0037

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.

Published

2012-06-17T03:41:40.107

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-611

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	librdf	raptor	< 2.0.7	Yes
Application	libreoffice	libreoffice	< 3.4.6	Yes
Application	libreoffice	libreoffice	3.5.0	Yes
Application	apache	openoffice	3.3.0	Yes
Application	apache	openoffice	3.4.0	Yes
Operating System	fedoraproject	fedora	16	Yes
Operating System	fedoraproject	fedora	17	Yes
Application	redhat	gluster_storage_server_for_on-premise	2.0	Yes
Application	redhat	storage	2.0	Yes
Application	redhat	storage_for_public_cloud	2.0	Yes
Operating System	redhat	enterprise_linux_desktop	5.0	Yes
Operating System	redhat	enterprise_linux_desktop	6.0	Yes
Operating System	redhat	enterprise_linux_eus	6.2	Yes
Operating System	redhat	enterprise_linux_server	5.0	Yes
Operating System	redhat	enterprise_linux_server	6.0	Yes
Operating System	redhat	enterprise_linux_server_aus	6.2	Yes
Operating System	redhat	enterprise_linux_workstation	5.0	Yes
Operating System	redhat	enterprise_linux_workstation	6.0	Yes
Operating System	debian	debian_linux	6.0	Yes

References

http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/ Release Notes ([email protected])
http://librdf.org/raptor/RELEASE.html#rel2_0_7 Release Notes ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html Mailing List ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html Mailing List ([email protected])
http://rhn.redhat.com/errata/RHSA-2012-0410.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2012-0411.html Third Party Advisory ([email protected])
http://secunia.com/advisories/48479 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/48493 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/48494 Broken Link ([email protected])
http://secunia.com/advisories/48526 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/48529 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/48542 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/48649 Broken Link ([email protected])
http://secunia.com/advisories/50692 Broken Link ([email protected])
http://secunia.com/advisories/60799 Broken Link ([email protected])
http://security.gentoo.org/glsa/glsa-201209-05.xml Third Party Advisory ([email protected])
http://vsecurity.com/resources/advisory/20120324-1/ Broken Link ([email protected])
http://www.debian.org/security/2012/dsa-2438 Third Party Advisory ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml Third Party Advisory ([email protected])
http://www.libreoffice.org/advisories/CVE-2012-0037/ Vendor Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2012:061 Broken Link ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2012:062 Broken Link ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2012:063 Broken Link ([email protected])
http://www.openoffice.org/security/cves/CVE-2012-0037.html Mitigation, Patch ([email protected])
http://www.openwall.com/lists/oss-security/2012/03/27/4 Exploit, Mailing List ([email protected])
http://www.osvdb.org/80307 Broken Link ([email protected])
http://www.securityfocus.com/bid/52681 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1026837 Broken Link, Third Party Advisory, VDB Entry ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/74235 Third Party Advisory, VDB Entry ([email protected])
https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0 Patch ([email protected])
https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E Mailing List, Patch ([email protected])
http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/ Release Notes (af854a3a-2127-422b-91ae-364da2661108)
http://librdf.org/raptor/RELEASE.html#rel2_0_7 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2012-0410.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2012-0411.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48479 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48493 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48494 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48526 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48529 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48542 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48649 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/50692 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/60799 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-201209-05.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://vsecurity.com/resources/advisory/20120324-1/ Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2012/dsa-2438 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.libreoffice.org/advisories/CVE-2012-0037/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2012:061 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2012:062 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2012:063 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.openoffice.org/security/cves/CVE-2012-0037.html Mitigation, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2012/03/27/4 Exploit, Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/80307 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/52681 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1026837 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74235 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E Mailing List, Patch (af854a3a-2127-422b-91ae-364da2661108)