Vulnerabilities > CVE-2006-2199

CVSS 7.6 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

high complexity

openoffice

sun

nessus

NVD

Published: 2006-06-30

Updated: 2018-10-18

Summary

Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents.

Vulnerable Configurations

Part	Description	Count
Application	Openoffice Openoffice Openoffice 1.1.0 Openoffice Openoffice 1.1.1 Openoffice Openoffice 1.1.2 Openoffice Openoffice 1.1.3 Openoffice Openoffice 1.1.4 Openoffice Openoffice 1.1.5 Openoffice Openoffice 2.0.0 Openoffice Openoffice 2.0.1 Openoffice Openoffice 2.0.2	9
Application	Sun SUN Staroffice 6.0 SUN Staroffice 7.0 SUN Staroffice 8.0	3

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2006-764.NASL
description	- CVE-2006-2198 macro security - CVE-2006-2199 java applets - CVE-2006-3117 corrupt file format more details at http://www.openoffice.org/security/bulletin-20060629.h tml Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	24137
published	2007-01-17
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/24137
title	Fedora Core 4 : openoffice.org-2.0.1.1-7.1 (2006-764)

NASL family	Windows
NASL id	OPENOFFICE_ORG_203.NASL
description	The remote host is running a version of OpenOffice.org which is older than version 2.0.3. An attacker may use this to execute arbitrary code on this host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have him open it. The file could be crafted in such a way that it could exploit a buffer overflow in OpenOffice.org
last seen	2020-06-01
modified	2020-06-02
plugin id	21784
published	2006-06-30
reporter	This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/21784
title	OpenOffice < 2.0.3 Multiple Vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_SA_2006_040.NASL
description	The remote host is missing the patch for the advisory SUSE-SA:2006:040 (OpenOffice_org). Following security problems were found and fixed in OpenOffice_org: - CVE-2006-2198: A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon loading of the document. The user will not be asked or notified and the macro will have full access to system resources with current user
last seen	2019-10-28
modified	2007-02-18
plugin id	24420
published	2007-02-18
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/24420
title	SUSE-SA:2006:040: OpenOffice_org

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2006-0573.NASL
description	Updated openoffice.org packages are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. A Sun security specialist reported an issue with the application framework. An attacker could put macros into document locations that could cause OpenOffice.org to execute them when the file was opened by a victim. (CVE-2006-2198) A bug was found in the OpenOffice.org Java virtual machine implementation. An attacker could write a carefully crafted Java applet that can break through the
last seen	2020-06-01
modified	2020-06-02
plugin id	21916
published	2006-07-04
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/21916
title	RHEL 3 / 4 : openoffice.org (RHSA-2006:0573)

NASL family	SuSE Local Security Checks
NASL id	SUSE_OPENOFFICE_ORG-1698.NASL
description	Following security problems were found in OpenOffice_org : - CVE-2006-2198: A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon loading of the document. The user will not be asked or notified and the macro will have full access to system resources with current user
last seen	2020-06-01
modified	2020-06-02
plugin id	27134
published	2007-10-17
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/27134
title	openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-1698)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2006-0573.NASL
description	Updated openoffice.org packages are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. A Sun security specialist reported an issue with the application framework. An attacker could put macros into document locations that could cause OpenOffice.org to execute them when the file was opened by a victim. (CVE-2006-2198) A bug was found in the OpenOffice.org Java virtual machine implementation. An attacker could write a carefully crafted Java applet that can break through the
last seen	2020-06-01
modified	2020-06-02
plugin id	21906
published	2006-07-04
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/21906
title	CentOS 3 / 4 : openoffice.org (CESA-2006:0573)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200607-12.NASL
description	The remote host is affected by the vulnerability described in GLSA-200607-12 (OpenOffice.org: Multiple vulnerabilities) Internal security audits by OpenOffice.org have discovered three security vulnerabilities related to Java applets, macros and the XML file format parser. Specially crafted Java applets can break through the
last seen	2020-06-01
modified	2020-06-02
plugin id	22120
published	2006-07-29
reporter	This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/22120
title	GLSA-200607-12 : OpenOffice.org: Multiple vulnerabilities

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2006-770.NASL
description	- CVE-2006-2198 macro security - CVE-2006-2199 java applets - CVE-2006-3117 corrupt file format more details at http://www.openoffice.org/security/bulletin-20060629.h tml Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	24139
published	2007-01-17
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/24139
title	Fedora Core 5 : openoffice.org-2.0.2-5.16.2 (2006-770)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-313-1.NASL
description	It was possible to embed Basic macros in documents in a way that OpenOffice.org would not ask for confirmation about executing them. By tricking a user into opening a malicious document, this could be exploited to run arbitrary Basic code (including local file access and modification) with the user
last seen	2020-06-01
modified	2020-06-02
plugin id	27888
published	2007-11-10
reporter	Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27888
title	Ubuntu 5.04 / 6.06 LTS : openoffice.org-amd64, openoffice.org vulnerabilities (USN-313-1)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-313-2.NASL
description	USN-313-1 fixed several vulnerabilities in OpenOffice for Ubuntu 5.04 and Ubuntu 6.06 LTS. This followup advisory provides the corresponding update for Ubuntu 5.10. For reference, these are the details of the original USN : It was possible to embed Basic macros in documents in a way that OpenOffice.org would not ask for confirmation about executing them. By tricking a user into opening a malicious document, this could be exploited to run arbitrary Basic code (including local file access and modification) with the user
last seen	2020-06-01
modified	2020-06-02
plugin id	27889
published	2007-11-10
reporter	Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/27889
title	Ubuntu 5.10 : openoffice.org2-amd64, openoffice.org2 vulnerabilities (USN-313-2)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1104.NASL
description	Loading malformed XML documents can cause buffer overflows in OpenOffice.org, a free office suite, and cause a denial of service or execute arbitrary code. It turned out that the correction in DSA 1104-1 was not sufficient, hence, another update. For completeness please find the original advisory text below : Several vulnerabilities have been discovered in OpenOffice.org, a free office suite. The Common Vulnerabilities and Exposures Project identifies the following problems : - CVE-2006-2198 It turned out to be possible to embed arbitrary BASIC macros in documents in a way that OpenOffice.org does not see them but executes them anyway without any user interaction. - CVE-2006-2199 It is possible to evade the Java sandbox with specially crafted Java applets. - CVE-2006-3117 Loading malformed XML documents can cause buffer overflows and cause a denial of service or execute arbitrary code. This update has the Mozilla component disabled, so that the Mozilla/LDAP addressbook feature won
last seen	2020-06-01
modified	2020-06-02
plugin id	22646
published	2006-10-14
reporter	This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/22646
title	Debian DSA-1104-2 : openoffice.org - several vulnerabilities

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-005.NASL
description	Rectifies an error patch condition where by corrupt wmf/emf files with out of bounds values in the emf/wmf file could enable an attacker by constructing a malicious file to execute arbitrary code if opened in OpenOffice by a victim. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	24184
published	2007-01-17
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/24184
title	Fedora Core 5 : openoffice.org-2.0.2-5.20.2 / Fedora Core 6 : openoffice.org-2.0.4-5.5.10 (2007-005)

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2006-118.NASL
description	OpenOffice.org 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. (CVE-2006-2198) An unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents. (CVE-2006-2199) Heap-based buffer overflow in OpenOffice.org 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka
last seen	2020-06-01
modified	2020-06-02
plugin id	22014
published	2006-07-10
reporter	This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/22014
title	Mandrake Linux Security Advisory : OpenOffice.org (MDKSA-2006:118)

Oval

accepted

2013-04-29T04:13:21.438-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:11338

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

rhsa

id	RHSA-2006:0573

rpms

openoffice.org-0:1.1.2-34.2.0.EL3
openoffice.org-0:1.1.2-34.6.0.EL4
openoffice.org-debuginfo-0:1.1.2-34.2.0.EL3
openoffice.org-debuginfo-0:1.1.2-34.6.0.EL4
openoffice.org-i18n-0:1.1.2-34.2.0.EL3
openoffice.org-i18n-0:1.1.2-34.6.0.EL4
openoffice.org-kde-0:1.1.2-34.6.0.EL4
openoffice.org-libs-0:1.1.2-34.2.0.EL3
openoffice.org-libs-0:1.1.2-34.6.0.EL4

Vulnerabilities > CVE-2006-2199 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2006-2199"}]}

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

References

Vulnerabilities > CVE-2006-2199