PT-2011-1223 · Apache+1 · Openoffice.Org+2

Dmitri Gribenko · Published 2011-01-28 · Updated 2022-02-07 · CVE-2010-3689

CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

OpenOffice.org (OOo) versions 3.x before 3.3

Description

The issue concerns how Apache OpenOffice office programs handle the LD_LIBRARY_PATH environment variable, and is associated with a lack of privilege control and access management mechanisms. Exploitation may allow an attacker to gain unauthorized access to confidential data, cause a denial of service, or impact data integrity. Specifically, the soffice component in OpenOffice.org places a zero-length directory name in LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

Recommendations

For OpenOffice.org (OOo) versions 3.x before 3.3, consider updating to version 3.3 or later to resolve the issue. As a temporary workaround, restrict access to the LD_LIBRARY_PATH environment variable to minimize the risk of exploitation. Avoid using shared libraries from untrusted sources in the current working directory until the issue is resolved.
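
The zero-length entry described above can be checked for and avoided in launcher scripts. The following is an added example, not code from OpenOffice.org or from this advisory; the function names and sample paths are constructed, and the "weak" prepend pattern is an assumed illustration of how such an entry commonly arises.

```shell
#!/bin/sh
# Added example; paths are constructed, not taken from OpenOffice.org.
# The glibc dynamic loader treats a zero-length LD_LIBRARY_PATH entry
# as the current working directory.

# True (0) if a colon-separated list has a zero-length entry:
# leading ":", trailing ":", or "::" anywhere.
has_empty_entry() {
    case "$1" in
        :*|*:|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the list with zero-length entries dropped. The body runs in a
# subshell so the IFS and globbing changes do not leak to the caller.
strip_empty_entries() (
    IFS=:
    set -f
    out=
    for dir in $1; do
        [ -n "$dir" ] || continue
        out="${out:+$out:}$dir"
    done
    printf '%s\n' "$out"
)

# Weak launcher pattern (assumed, for illustration): always appends ":",
# so an unset or empty inherited value leaves a trailing empty entry.
prepend_weak() { printf '%s\n' "$1:$2"; }

# Corrected pattern: emit the separator only when a value follows it.
prepend_safe() { printf '%s\n' "$1${2:+:$2}"; }

# Audit the current environment before launching anything.
if has_empty_entry "${LD_LIBRARY_PATH-}"; then
    echo "zero-length entry in LD_LIBRARY_PATH: '${LD_LIBRARY_PATH}'" >&2
fi
```

Running `strip_empty_entries` over the inherited value before applying `prepend_safe` also covers the case where the caller's environment already carries an empty entry.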

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2020-02946
CVE-2010-3689
DSA-2151-1
RHSA-2011:0182
RHSA-2011:0183
RHSA-2011_0182
RHSA-2011_0183

Affected Products

Openoffice
Openoffice.Org
Red Hat