PT-2011-1222 · Microsoft+2 · Office Word+3

Published 2011-01-28 · Updated 2022-02-07 · CVE-2010-3454

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

OpenOffice.org (OOo) versions 2.x through 3.x before 3.3

Description

Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter can be triggered by crafted typography information in a Microsoft Word .DOC file. This can lead to a denial of service (application crash) or possibly allow remote attackers to execute arbitrary code. The vulnerability can also allow attackers to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations

For OpenOffice.org (OOo) versions 2.x through 3.x before 3.3, update to version 3.3 or later to resolve the issue. As a temporary workaround, avoid opening Microsoft Word .DOC files that may be crafted to trigger the out-of-bounds write. Restrict access to potentially malicious .DOC files to minimize the risk of exploitation.

Fix

DoS


Weakness Enumeration

Related Identifiers

BDU:2020-02900
CVE-2010-3454
DSA-2151-1
RHSA-2011:0181
RHSA-2011:0182
RHSA-2011:0183
RHSA-2011_0181
RHSA-2011_0182
RHSA-2011_0183

Affected Products

Office Word
Openoffice
Openoffice.Org
Red Hat