Vulnerabilities > CVE-2006-2197 - Numeric Errors vulnerability in Wvware WV2 0.2.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Integer overflow in wv2 before 0.2.3 might allow context-dependent attackers to execute arbitrary code via a crafted Microsoft Word document. This vulnerability is addressed in the following product release: Debian, wv2, 0.2.2-1
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1100.NASL description A boundary checking error has been discovered in wv2, a library for accessing Microsoft Word documents, which can lead to an integer overflow induced by processing word files. last seen 2020-06-01 modified 2020-06-02 plugin id 22642 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22642 title Debian DSA-1100-1 : wv2 - integer overflow code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1100. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(22642); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:32:19"); script_cve_id("CVE-2006-2197"); script_xref(name:"DSA", value:"1100"); script_name(english:"Debian DSA-1100-1 : wv2 - integer overflow"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "A boundary checking error has been discovered in wv2, a library for accessing Microsoft Word documents, which can lead to an integer overflow induced by processing word files." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1100" ); script_set_attribute( attribute:"solution", value: "Upgrade the libwv packages. The old stable distribution (woody) does not contain wv2 packages. For the stable distribution (sarge) this problem has been fixed in version 0.2.2-1sarge1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wv2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/06/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"libwv2-1", reference:"0.2.2-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"libwv2-dev", reference:"0.2.2-1sarge1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_B9044CC28AA511DBBD0D00123FFE8333.NASL description Secunia reports : A vulnerability has been reported in wvWare wv2 Library, which potentially can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to an integer overflow error in last seen 2020-06-01 modified 2020-06-02 plugin id 23850 published 2006-12-14 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/23850 title FreeBSD : wv2 -- Integer Overflow Vulnerability (b9044cc2-8aa5-11db-bd0d-00123ffe8333) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(23850); script_version("1.11"); script_cvs_date("Date: 2019/08/02 13:32:38"); script_cve_id("CVE-2006-2197"); script_xref(name:"Secunia", value:"20665"); script_name(english:"FreeBSD : wv2 -- Integer Overflow Vulnerability (b9044cc2-8aa5-11db-bd0d-00123ffe8333)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Secunia reports : A vulnerability has been reported in wvWare wv2 Library, which potentially can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to an integer overflow error in 'word_helper.h' when handling a Word document. This can be exploited to cause a buffer overflow and may allow arbitrary code execution via a specially crafted Word document." ); # https://vuxml.freebsd.org/freebsd/b9044cc2-8aa5-11db-bd0d-00123ffe8333.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c2affbc1" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:wv2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/12"); script_set_attribute(attribute:"patch_publication_date", value:"2006/12/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"wv2<0.2.3")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-109.NASL description A boundary checking error was discovered in the wv2 library, used for accessing Microsoft Word documents. This error can lead to an integer overflow induced by processing certain Word files. The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21753 published 2006-06-24 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21753 title Mandrake Linux Security Advisory : wv2 (MDKSA-2006:109) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2006:109. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(21753); script_version ("1.16"); script_cvs_date("Date: 2019/08/02 13:32:48"); script_cve_id("CVE-2006-2197"); script_bugtraq_id(18437); script_xref(name:"MDKSA", value:"2006:109"); script_name(english:"Mandrake Linux Security Advisory : wv2 (MDKSA-2006:109)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A boundary checking error was discovered in the wv2 library, used for accessing Microsoft Word documents. This error can lead to an integer overflow induced by processing certain Word files. The updated packages have been patched to correct these issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wv2_1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wv2_1-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwv2_1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwv2_1-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006"); script_set_attribute(attribute:"patch_publication_date", value:"2006/06/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/06/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64wv2_1-0.2.2-3.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64wv2_1-devel-0.2.2-3.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libwv2_1-0.2.2-3.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libwv2_1-devel-0.2.2-3.1.20060mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_WV2-1687.NASL description The wv2 library was updated to fix some boundary checks which could be exploited by maliciously crafted files to access memory outside bounds and possibly execute arbitrary code. (CVE-2006-2197) last seen 2020-06-01 modified 2020-06-02 plugin id 27480 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27480 title openSUSE 10 Security Update : wv2 (wv2-1687) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200606-24.NASL description The remote host is affected by the vulnerability described in GLSA-200606-24 (wv2: Integer overflow) A boundary checking error was found in wv2, which could lead to an integer overflow. Impact : An attacker could execute arbitrary code with the rights of the user running the program that uses the library via a maliciously crafted Microsoft Word document. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 21750 published 2006-06-24 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21750 title GLSA-200606-24 : wv2: Integer overflow NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-300-1.NASL description libwv2 did not sufficiently check the validity of its input. Certain invalid Word documents caused a buffer overflow. By tricking a user into opening a specially crafted Word file with an application that uses libwv2, this could be exploited to execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 27875 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27875 title Ubuntu 5.04 / 5.10 / 6.06 LTS : wv2 vulnerability (USN-300-1)
References
- http://secunia.com/advisories/20665
- http://secunia.com/advisories/20688
- http://secunia.com/advisories/20689
- http://secunia.com/advisories/20826
- http://secunia.com/advisories/20844
- http://secunia.com/advisories/20899
- http://securitytracker.com/id?1016313
- http://sourceforge.net/project/shownotes.php?group_id=10501&release_id=424094
- http://www.debian.org/security/2006/dsa-1100
- http://www.gentoo.org/security/en/glsa/glsa-200606-24.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:109
- http://www.novell.com/linux/security/advisories/2006_38_security.html
- http://www.securityfocus.com/bid/18437
- http://www.vupen.com/english/advisories/2006/2350
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27184
- https://usn.ubuntu.com/300-1/