Vulnerabilities > CVE-2006-2198 - Permissions, Privileges, and Access Controls vulnerability in multiple products

047910
CVSS 7.6 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
high complexity
openoffice
sun
CWE-264
nessus

Summary

OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Blue Boxing
    This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
  • Restful Privilege Elevation
    Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
  • Target Programs with Elevated Privileges
    This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.

Nessus

  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_120185.NASL
    descriptionStarOffice 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
    last seen2018-09-02
    modified2018-08-22
    plugin id22960
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=22960
    titleSolaris 5.10 (sparc) : 120185-19
    code
    #%NASL_MIN_LEVEL 80502
    
    # @DEPRECATED@
    #
    # This script has been deprecated as the associated patch is not
    # currently a recommended security fix.
    #
    # Disabled on 2011/09/17.
    
    #
    # (C) Tenable Network Security, Inc.
    #
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    include("compat.inc");
    
    if(description)
    {
     script_id(22960);
     script_version("1.33");
    
     script_name(english: "Solaris 5.10 (sparc) : 120185-19");
     script_cve_id("CVE-2006-2198", "CVE-2006-3117", "CVE-2006-5870", "CVE-2007-0002", "CVE-2007-0238", "CVE-2007-0239", "CVE-2007-0245", "CVE-2007-1466", "CVE-2007-2754", "CVE-2007-2834", "CVE-2007-4575");
     script_set_attribute(attribute: "synopsis", value:
    "The remote host is missing Sun Security Patch number 120185-19");
     script_set_attribute(attribute: "description", value:
    'StarOffice 8 (Solaris): Update 14.
    Date this patch was last updated by Sun : Sep/09/09');
     script_set_attribute(attribute: "solution", value:
    "You should install this patch for your system to be up-to-date.");
     script_set_attribute(attribute: "see_also", value:
    "https://getupdates.oracle.com/readme/120185-19");
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
     script_set_attribute(attribute:"canvas_package", value:'CANVAS');
     script_cwe_id(94);
     script_set_attribute(attribute:"plugin_publication_date", value: "2006/11/06");
     script_cvs_date("Date: 2019/10/25 13:36:23");
     script_set_attribute(attribute:"patch_publication_date", value: "2006/07/30");
     script_set_attribute(attribute:"vuln_publication_date", value: "2006/06/30");
     script_end_attributes();
    
     script_summary(english: "Check for patch 120185-19");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
     family["english"] = "Solaris Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/Solaris/showrev");
     exit(0);
    }
    
    
    
    # Deprecated.
    exit(0, "The associated patch is not currently a recommended security fix.");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2006-764.NASL
    description - CVE-2006-2198 macro security - CVE-2006-2199 java applets - CVE-2006-3117 corrupt file format more details at http://www.openoffice.org/security/bulletin-20060629.h tml Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24137
    published2007-01-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24137
    titleFedora Core 4 : openoffice.org-2.0.1.1-7.1 (2006-764)
  • NASL familyWindows
    NASL idOPENOFFICE_ORG_203.NASL
    descriptionThe remote host is running a version of OpenOffice.org which is older than version 2.0.3. An attacker may use this to execute arbitrary code on this host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have him open it. The file could be crafted in such a way that it could exploit a buffer overflow in OpenOffice.org
    last seen2020-06-01
    modified2020-06-02
    plugin id21784
    published2006-06-30
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21784
    titleOpenOffice < 2.0.3 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2006_040.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2006:040 (OpenOffice_org). Following security problems were found and fixed in OpenOffice_org: - CVE-2006-2198: A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon loading of the document. The user will not be asked or notified and the macro will have full access to system resources with current user
    last seen2019-10-28
    modified2007-02-18
    plugin id24420
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24420
    titleSUSE-SA:2006:040: OpenOffice_org
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_120190.NASL
    descriptionStarSuite 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/11/09
    last seen2016-09-26
    modified2011-09-18
    plugin id23617
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=23617
    titleSolaris 5.9 (x86) : 120190-19
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_120186.NASL
    descriptionStarOffice 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/10/09
    last seen2016-09-26
    modified2011-09-18
    plugin id23616
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=23616
    titleSolaris 5.9 (x86) : 120186-19
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_120186-23.NASL
    descriptionStarOffice 8 (Solaris_x86): Update 18. Date this patch was last updated by Sun : Mar/15/11
    last seen2020-06-01
    modified2020-06-02
    plugin id107857
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107857
    titleSolaris 10 (x86) : 120186-23
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_120189.NASL
    descriptionStarSuite 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
    last seen2018-09-02
    modified2018-08-22
    plugin id22961
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=22961
    titleSolaris 5.10 (sparc) : 120189-19
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_120190-23.NASL
    descriptionStarSuite 8 (Solaris_x86): Update 18. Date this patch was last updated by Sun : Mar/15/11
    last seen2020-06-01
    modified2020-06-02
    plugin id107858
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107858
    titleSolaris 10 (x86) : 120190-23
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_120189.NASL
    descriptionStarSuite 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
    last seen2016-09-26
    modified2011-09-18
    plugin id23558
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=23558
    titleSolaris 5.9 (sparc) : 120189-19
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_120189-23.NASL
    descriptionStarSuite 8 (Solaris): Update 18. Date this patch was last updated by Sun : Mar/15/11
    last seen2020-06-01
    modified2020-06-02
    plugin id107356
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107356
    titleSolaris 10 (sparc) : 120189-23
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_120190.NASL
    descriptionStarSuite 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/11/09
    last seen2018-09-01
    modified2018-08-22
    plugin id22994
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=22994
    titleSolaris 5.10 (x86) : 120190-19
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_120189.NASL
    descriptionStarSuite 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
    last seen2016-09-26
    modified2011-09-18
    plugin id23420
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=23420
    titleSolaris 5.8 (sparc) : 120189-19
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0573.NASL
    descriptionUpdated openoffice.org packages are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. A Sun security specialist reported an issue with the application framework. An attacker could put macros into document locations that could cause OpenOffice.org to execute them when the file was opened by a victim. (CVE-2006-2198) A bug was found in the OpenOffice.org Java virtual machine implementation. An attacker could write a carefully crafted Java applet that can break through the
    last seen2020-06-01
    modified2020-06-02
    plugin id21916
    published2006-07-04
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21916
    titleRHEL 3 / 4 : openoffice.org (RHSA-2006:0573)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_OPENOFFICE_ORG-1698.NASL
    descriptionFollowing security problems were found in OpenOffice_org : - CVE-2006-2198: A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon loading of the document. The user will not be asked or notified and the macro will have full access to system resources with current user
    last seen2020-06-01
    modified2020-06-02
    plugin id27134
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27134
    titleopenSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-1698)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_120185.NASL
    descriptionStarOffice 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
    last seen2016-09-26
    modified2011-09-18
    plugin id23419
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=23419
    titleSolaris 5.8 (sparc) : 120185-19
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0573.NASL
    descriptionUpdated openoffice.org packages are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. A Sun security specialist reported an issue with the application framework. An attacker could put macros into document locations that could cause OpenOffice.org to execute them when the file was opened by a victim. (CVE-2006-2198) A bug was found in the OpenOffice.org Java virtual machine implementation. An attacker could write a carefully crafted Java applet that can break through the
    last seen2020-06-01
    modified2020-06-02
    plugin id21906
    published2006-07-04
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21906
    titleCentOS 3 / 4 : openoffice.org (CESA-2006:0573)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200607-12.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200607-12 (OpenOffice.org: Multiple vulnerabilities) Internal security audits by OpenOffice.org have discovered three security vulnerabilities related to Java applets, macros and the XML file format parser. Specially crafted Java applets can break through the
    last seen2020-06-01
    modified2020-06-02
    plugin id22120
    published2006-07-29
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22120
    titleGLSA-200607-12 : OpenOffice.org: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2006-770.NASL
    description - CVE-2006-2198 macro security - CVE-2006-2199 java applets - CVE-2006-3117 corrupt file format more details at http://www.openoffice.org/security/bulletin-20060629.h tml Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24139
    published2007-01-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24139
    titleFedora Core 5 : openoffice.org-2.0.2-5.16.2 (2006-770)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-313-1.NASL
    descriptionIt was possible to embed Basic macros in documents in a way that OpenOffice.org would not ask for confirmation about executing them. By tricking a user into opening a malicious document, this could be exploited to run arbitrary Basic code (including local file access and modification) with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id27888
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27888
    titleUbuntu 5.04 / 6.06 LTS : openoffice.org-amd64, openoffice.org vulnerabilities (USN-313-1)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_120186.NASL
    descriptionStarOffice 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/10/09
    last seen2018-09-01
    modified2018-08-22
    plugin id22993
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=22993
    titleSolaris 5.10 (x86) : 120186-19
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_120185-23.NASL
    descriptionStarOffice 8 (Solaris): Update 18. Date this patch was last updated by Sun : Mar/15/11
    last seen2020-06-01
    modified2020-06-02
    plugin id107355
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107355
    titleSolaris 10 (sparc) : 120185-23
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-313-2.NASL
    descriptionUSN-313-1 fixed several vulnerabilities in OpenOffice for Ubuntu 5.04 and Ubuntu 6.06 LTS. This followup advisory provides the corresponding update for Ubuntu 5.10. For reference, these are the details of the original USN : It was possible to embed Basic macros in documents in a way that OpenOffice.org would not ask for confirmation about executing them. By tricking a user into opening a malicious document, this could be exploited to run arbitrary Basic code (including local file access and modification) with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id27889
    published2007-11-10
    reporterUbuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27889
    titleUbuntu 5.10 : openoffice.org2-amd64, openoffice.org2 vulnerabilities (USN-313-2)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1104.NASL
    descriptionLoading malformed XML documents can cause buffer overflows in OpenOffice.org, a free office suite, and cause a denial of service or execute arbitrary code. It turned out that the correction in DSA 1104-1 was not sufficient, hence, another update. For completeness please find the original advisory text below : Several vulnerabilities have been discovered in OpenOffice.org, a free office suite. The Common Vulnerabilities and Exposures Project identifies the following problems : - CVE-2006-2198 It turned out to be possible to embed arbitrary BASIC macros in documents in a way that OpenOffice.org does not see them but executes them anyway without any user interaction. - CVE-2006-2199 It is possible to evade the Java sandbox with specially crafted Java applets. - CVE-2006-3117 Loading malformed XML documents can cause buffer overflows and cause a denial of service or execute arbitrary code. This update has the Mozilla component disabled, so that the Mozilla/LDAP addressbook feature won
    last seen2020-06-01
    modified2020-06-02
    plugin id22646
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22646
    titleDebian DSA-1104-2 : openoffice.org - several vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-005.NASL
    descriptionRectifies an error patch condition where by corrupt wmf/emf files with out of bounds values in the emf/wmf file could enable an attacker by constructing a malicious file to execute arbitrary code if opened in OpenOffice by a victim. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24184
    published2007-01-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24184
    titleFedora Core 5 : openoffice.org-2.0.2-5.20.2 / Fedora Core 6 : openoffice.org-2.0.4-5.5.10 (2007-005)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_120185.NASL
    descriptionStarOffice 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
    last seen2016-09-26
    modified2011-09-18
    plugin id23557
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=23557
    titleSolaris 5.9 (sparc) : 120185-19
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_X86_120186.NASL
    descriptionStarOffice 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/10/09
    last seen2016-09-26
    modified2011-09-18
    plugin id23467
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=23467
    titleSolaris 5.8 (x86) : 120186-19
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_X86_120190.NASL
    descriptionStarSuite 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/11/09
    last seen2016-09-26
    modified2011-09-18
    plugin id23468
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=23468
    titleSolaris 5.8 (x86) : 120190-19
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-118.NASL
    descriptionOpenOffice.org 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. (CVE-2006-2198) An unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents. (CVE-2006-2199) Heap-based buffer overflow in OpenOffice.org 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka
    last seen2020-06-01
    modified2020-06-02
    plugin id22014
    published2006-07-10
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22014
    titleMandrake Linux Security Advisory : OpenOffice.org (MDKSA-2006:118)

Oval

accepted2013-04-29T04:11:21.883-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionOpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user.
familyunix
idoval:org.mitre.oval:def:11082
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleOpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user.
version26

Redhat

advisories
rhsa
idRHSA-2006:0573
rpms
  • openoffice.org-0:1.1.2-34.2.0.EL3
  • openoffice.org-0:1.1.2-34.6.0.EL4
  • openoffice.org-debuginfo-0:1.1.2-34.2.0.EL3
  • openoffice.org-debuginfo-0:1.1.2-34.6.0.EL4
  • openoffice.org-i18n-0:1.1.2-34.2.0.EL3
  • openoffice.org-i18n-0:1.1.2-34.6.0.EL4
  • openoffice.org-kde-0:1.1.2-34.6.0.EL4
  • openoffice.org-libs-0:1.1.2-34.2.0.EL3
  • openoffice.org-libs-0:1.1.2-34.6.0.EL4