CVE-2012-0037

Published: 17/06/2012 Updated: 15/02/2024
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Redland Raptor (aka libraptor) prior to 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice prior to 3.4.6 and 3.5.x prior to 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.

Vulnerable Product

librdf raptor

libreoffice libreoffice 3.5.0

libreoffice libreoffice

apache openoffice 3.3.0

apache openoffice 3.4.0

fedoraproject fedora 17

fedoraproject fedora 16

redhat enterprise linux server 5.0

redhat enterprise linux server aus 6.2

redhat enterprise linux workstation 5.0

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux desktop 5.0

redhat storage 2.0

redhat storage for public cloud 2.0

redhat enterprise linux eus 6.2

redhat gluster storage server for on-premise 2.0

debian debian linux 6.0

Vendor Advisories

Debian Bug report logs - #677427 raptor: Fix for CVE-2012-0037 no applied during build. Package: raptor; Maintainer for raptor is Dave Beckett <dajobe@debian.org>; Reported by: Jamie Strandboge <jamie@ubuntu.com>; Date: Wed, 13 Jun 2012 21:33:02 UTC; Severity: grave; Tags: patch, security; Found in version 1421-7; Fixed ...
Synopsis: Important: openoffice.org security update. Type/Severity: Security Advisory: Important. Topic: Updated openoffice.org packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Commo ...
Synopsis: Important: raptor security update. Type/Severity: Security Advisory: Important. Topic: Updated raptor packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability ...
Applications using Raptor could be made to expose sensitive information or run programs as your login if they opened a specially crafted file ...

References

CWE-611
http://www.debian.org/security/2012/dsa-2438
http://www.libreoffice.org/advisories/CVE-2012-0037/
http://secunia.com/advisories/48493
http://rhn.redhat.com/errata/RHSA-2012-0411.html
http://rhn.redhat.com/errata/RHSA-2012-0410.html
http://www.osvdb.org/80307
http://secunia.com/advisories/48529
http://www.mandriva.com/security/advisories?name=MDVSA-2012:063
http://www.openwall.com/lists/oss-security/2012/03/27/4
http://www.mandriva.com/security/advisories?name=MDVSA-2012:062
http://secunia.com/advisories/48526
http://librdf.org/raptor/RELEASE.html#rel2_0_7
http://secunia.com/advisories/48479
http://www.mandriva.com/security/advisories?name=MDVSA-2012:061
http://secunia.com/advisories/48542
http://vsecurity.com/resources/advisory/20120324-1/
http://www.securityfocus.com/bid/52681
http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/
http://secunia.com/advisories/48494
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html
http://secunia.com/advisories/48649
http://www.securitytracker.com/id?1026837
http://security.gentoo.org/glsa/glsa-201209-05.xml
http://secunia.com/advisories/50692
https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0
http://secunia.com/advisories/60799
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
http://www.openoffice.org/security/cves/CVE-2012-0037.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/74235
https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677427
https://usn.ubuntu.com/1901-1/
https://nvd.nist.gov