Vulnerabilities > CVE-2006-5870 - Numeric Errors vulnerability in multiple products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 3 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_120185.NASL description StarOffice 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09 last seen 2018-09-02 modified 2018-08-22 plugin id 22960 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22960 title Solaris 5.10 (sparc) : 120185-19 code #%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(22960); script_version("1.33"); script_name(english: "Solaris 5.10 (sparc) : 120185-19"); script_cve_id("CVE-2006-2198", "CVE-2006-3117", "CVE-2006-5870", "CVE-2007-0002", "CVE-2007-0238", "CVE-2007-0239", "CVE-2007-0245", "CVE-2007-1466", "CVE-2007-2754", "CVE-2007-2834", "CVE-2007-4575"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 120185-19"); script_set_attribute(attribute: "description", value: 'StarOffice 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/120185-19"); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(94); script_set_attribute(attribute:"plugin_publication_date", value: "2006/11/06"); script_cvs_date("Date: 2019/10/25 13:36:23"); script_set_attribute(attribute:"patch_publication_date", value: "2006/07/30"); script_set_attribute(attribute:"vuln_publication_date", value: "2006/06/30"); script_end_attributes(); script_summary(english: "Check for patch 120185-19"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0001.NASL description From Red Hat Security Advisory 2007:0001 : Updated openoffice.org packages are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. Several integer overflow bugs were found in the OpenOffice.org WMF file processor. An attacker could create a carefully crafted WMF file that could cause OpenOffice.org to execute arbitrary code when the file was opened by a victim. (CVE-2006-5870) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain a backported fix for this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67433 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67433 title Oracle Linux 4 : openoffice.org (ELSA-2007-0001) NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_120190.NASL description StarSuite 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/11/09 last seen 2016-09-26 modified 2011-09-18 plugin id 23617 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23617 title Solaris 5.9 (x86) : 120190-19 NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_120186.NASL description StarOffice 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/10/09 last seen 2016-09-26 modified 2011-09-18 plugin id 23616 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23616 title Solaris 5.9 (x86) : 120186-19 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120186-23.NASL description StarOffice 8 (Solaris_x86): Update 18. Date this patch was last updated by Sun : Mar/15/11 last seen 2020-06-01 modified 2020-06-02 plugin id 107857 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107857 title Solaris 10 (x86) : 120186-23 NASL family Solaris Local Security Checks NASL id SOLARIS10_120189.NASL description StarSuite 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09 last seen 2018-09-02 modified 2018-08-22 plugin id 22961 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22961 title Solaris 5.10 (sparc) : 120189-19 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1246.NASL description John Heasman from Next Generation Security Software discovered a heap overflow in the handling of Windows Metafiles in OpenOffice.org, the free office suite, which could lead to a denial of service and potentially execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 24006 published 2007-01-11 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24006 title Debian DSA-1246-1 : openoffice.org - buffer overflow NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120190-23.NASL description StarSuite 8 (Solaris_x86): Update 18. Date this patch was last updated by Sun : Mar/15/11 last seen 2020-06-01 modified 2020-06-02 plugin id 107858 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107858 title Solaris 10 (x86) : 120190-23 NASL family SuSE Local Security Checks NASL id SUSE_SA_2007_001.NASL description The remote host is missing the patch for the advisory SUSE-SA:2007:001 (OpenOffice_org). Security problems were fixed in the WMF and Enhanced WMF handling in OpenOffice_org These could potentially be used to execute code or crash OpenOffice when a user could be convinced to open specially crafted document (for instance a document sent by E-mail). This issue is tracked by the Mitre CVE ID CVE-2006-5870. openSUSE 10.2 is not affected by this problem, it already contains the fixed OpenOffice_org 2.1 version. Additionally the OpenOffice_org 2.0 version in SLED 10 was fitted with hooks to add OfficeXML support with a later update. Due to the very large size of this update and mirror lag it might take some hours or days until the updates are available on our mirrors. last seen 2019-10-28 modified 2007-02-18 plugin id 24456 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24456 title SUSE-SA:2007:001: OpenOffice_org NASL family Solaris Local Security Checks NASL id SOLARIS9_120189.NASL description StarSuite 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09 last seen 2016-09-26 modified 2011-09-18 plugin id 23558 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23558 title Solaris 5.9 (sparc) : 120189-19 NASL family Solaris Local Security Checks NASL id SOLARIS10_120189-23.NASL description StarSuite 8 (Solaris): Update 18. Date this patch was last updated by Sun : Mar/15/11 last seen 2020-06-01 modified 2020-06-02 plugin id 107356 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107356 title Solaris 10 (sparc) : 120189-23 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120190.NASL description StarSuite 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/11/09 last seen 2018-09-01 modified 2018-08-22 plugin id 22994 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22994 title Solaris 5.10 (x86) : 120190-19 NASL family Solaris Local Security Checks NASL id SOLARIS8_120189.NASL description StarSuite 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09 last seen 2016-09-26 modified 2011-09-18 plugin id 23420 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23420 title Solaris 5.8 (sparc) : 120189-19 NASL family SuSE Local Security Checks NASL id SUSE_OPENOFFICE_ORG-2407.NASL description Following security problem was fixed in OpenOffice_org : - Bufferoverflows in WMF and Enhanced WMF handling in OpenOffice_org could be used to potentially execute code or crash OpenOffice_org. It is necessary that the user can be tricked to open a prepared document. (CVE-2006-5870) This update also adds code to later hook in the OfficeXML converter (odf-converter.sf.net). last seen 2020-06-01 modified 2020-06-02 plugin id 29364 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29364 title SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 2407) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200701-07.NASL description The remote host is affected by the vulnerability described in GLSA-200701-07 (OpenOffice.org: EMF/WMF file handling vulnerabilities) John Heasman of NGSSoftware has discovered integer overflows in the EMR_POLYPOLYGON and EMR_POLYPOLYGON16 processing and an error within the handling of META_ESCAPE records. Impact : An attacker could exploit these vulnerabilities to cause heap overflows and potentially execute arbitrary code with the privileges of the user running OpenOffice.org by enticing the user to open a document containing a malicious WMF/EMF file. Workaround : There is no known workaround known at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 24205 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24205 title GLSA-200701-07 : OpenOffice.org: EMF/WMF file handling vulnerabilities NASL family Solaris Local Security Checks NASL id SOLARIS8_120185.NASL description StarOffice 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09 last seen 2016-09-26 modified 2011-09-18 plugin id 23419 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23419 title Solaris 5.8 (sparc) : 120185-19 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0001.NASL description Updated openoffice.org packages are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. Several integer overflow bugs were found in the OpenOffice.org WMF file processor. An attacker could create a carefully crafted WMF file that could cause OpenOffice.org to execute arbitrary code when the file was opened by a victim. (CVE-2006-5870) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain a backported fix for this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 23993 published 2007-01-08 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/23993 title RHEL 3 / 4 : openoffice.org (RHSA-2007:0001) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-406-1.NASL description An integer overflow was discovered in OpenOffice.org last seen 2020-06-01 modified 2020-06-02 plugin id 27994 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27994 title Ubuntu 5.10 / 6.06 LTS : openoffice.org/-amd64, openoffice.org2/-amd64 vulnerability (USN-406-1) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-006.NASL description Several integer overflows were discovered in the OpenOffice.org WMF file processor. An attacker could create a carefully crafted WMF file that would cause OpenOffice.org to execute arbitrary code when opened. Updated packages are patched to address this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24622 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24622 title Mandrake Linux Security Advisory : openoffice.org (MDKSA-2007:006) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120186.NASL description StarOffice 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/10/09 last seen 2018-09-01 modified 2018-08-22 plugin id 22993 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22993 title Solaris 5.10 (x86) : 120186-19 NASL family SuSE Local Security Checks NASL id SUSE_OPENOFFICE_ORG-2408.NASL description Following security problem was fixed in OpenOffice_org : CVE-2006-5870: Bufferoverflows in WMF and Enhanced WMF handling in OpenOffice_org could be used to potentially execute code or crash OpenOffice_org. It is necessary that the user can be tricked to open a prepared document. This update also adds code to later hook in the OfficeXML converter (odf-converter.sf.net). last seen 2020-06-01 modified 2020-06-02 plugin id 27135 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27135 title openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-2408) NASL family Solaris Local Security Checks NASL id SOLARIS10_120185-23.NASL description StarOffice 8 (Solaris): Update 18. Date this patch was last updated by Sun : Mar/15/11 last seen 2020-06-01 modified 2020-06-02 plugin id 107355 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107355 title Solaris 10 (sparc) : 120185-23 NASL family Fedora Local Security Checks NASL id FEDORA_2007-005.NASL description Rectifies an error patch condition where by corrupt wmf/emf files with out of bounds values in the emf/wmf file could enable an attacker by constructing a malicious file to execute arbitrary code if opened in OpenOffice by a victim. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24184 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24184 title Fedora Core 5 : openoffice.org-2.0.2-5.20.2 / Fedora Core 6 : openoffice.org-2.0.4-5.5.10 (2007-005) NASL family Solaris Local Security Checks NASL id SOLARIS9_120185.NASL description StarOffice 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09 last seen 2016-09-26 modified 2011-09-18 plugin id 23557 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23557 title Solaris 5.9 (sparc) : 120185-19 NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_120186.NASL description StarOffice 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/10/09 last seen 2016-09-26 modified 2011-09-18 plugin id 23467 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23467 title Solaris 5.8 (x86) : 120186-19 NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_120190.NASL description StarSuite 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/11/09 last seen 2016-09-26 modified 2011-09-18 plugin id 23468 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23468 title Solaris 5.8 (x86) : 120190-19 NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0001.NASL description Updated openoffice.org packages are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. Several integer overflow bugs were found in the OpenOffice.org WMF file processor. An attacker could create a carefully crafted WMF file that could cause OpenOffice.org to execute arbitrary code when the file was opened by a victim. (CVE-2006-5870) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain a backported fix for this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 23984 published 2007-01-08 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/23984 title CentOS 3 / 4 : openoffice.org (CESA-2007:0001)
Oval
accepted 2014-06-09T04:01:48.851-04:00 class vulnerability contributors name Thomas R. Jones organization Maitreya Security name Jonathan Baker organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation name Jerome Athias organization McAfee, Inc.
definition_extensions comment Novell Linux Desktop 9 is installed oval oval:org.mitre.oval:def:2090 comment SUSE Linux Desktop 1.0 is installed oval oval:org.mitre.oval:def:1366 comment SUSE Linux 10.1 is installed oval oval:org.mitre.oval:def:2157 comment Package OpenOffice_org is installed oval oval:org.mitre.oval:def:8865 comment Package OpenOffice_org-gnome is installed oval oval:org.mitre.oval:def:8914 comment Package OpenOffice_org-kde is installed oval oval:org.mitre.oval:def:9199 comment Package OpenOffice_org-mono is installed oval oval:org.mitre.oval:def:8222 comment Package OpenOffice_org-officebean is installed oval oval:org.mitre.oval:def:8541 comment SUSE Linux 10.0 is installed oval oval:org.mitre.oval:def:2027 comment Package OpenOffice_org is installed oval oval:org.mitre.oval:def:8865 comment Package OpenOffice_org-af is installed oval oval:org.mitre.oval:def:8974 comment Package OpenOffice_org-ar is installed oval oval:org.mitre.oval:def:8663 comment Package OpenOffice_org-be-BY is installed oval oval:org.mitre.oval:def:8432 comment Package OpenOffice_org-bg is installed oval oval:org.mitre.oval:def:8403 comment Package OpenOffice_org-ca is installed oval oval:org.mitre.oval:def:8887 comment Package OpenOffice_org-cs is installed oval oval:org.mitre.oval:def:8733 comment Package OpenOffice_org-cy is installed oval oval:org.mitre.oval:def:8329 comment Package OpenOffice_org-da is installed oval oval:org.mitre.oval:def:8998 comment Package OpenOffice_org-de is installed oval oval:org.mitre.oval:def:8688 comment Package OpenOffice_org-el is installed oval oval:org.mitre.oval:def:8801 comment Package OpenOffice_org-en-GB is installed oval oval:org.mitre.oval:def:8829 comment Package OpenOffice_org-es is installed oval oval:org.mitre.oval:def:8583 comment Package OpenOffice_org-et is installed oval oval:org.mitre.oval:def:8678 comment Package OpenOffice_org-fi is installed oval oval:org.mitre.oval:def:8451 comment Package OpenOffice_org-fr is installed oval oval:org.mitre.oval:def:8215 comment Package OpenOffice_org-galleries is installed oval oval:org.mitre.oval:def:8997 comment Package OpenOffice_org-gnome is installed oval oval:org.mitre.oval:def:8914 comment Package OpenOffice_org-gu-IN is installed oval oval:org.mitre.oval:def:8341 comment Package OpenOffice_org-hr is installed oval oval:org.mitre.oval:def:8715 comment Package OpenOffice_org-hu is installed oval oval:org.mitre.oval:def:8228 comment Package OpenOffice_org-hunspell is installed oval oval:org.mitre.oval:def:8892 comment Package OpenOffice_org-it is installed oval oval:org.mitre.oval:def:9104 comment Package OpenOffice_org-ja is installed oval oval:org.mitre.oval:def:8987 comment Package OpenOffice_org-kde is installed oval oval:org.mitre.oval:def:9199 comment Package OpenOffice_org-ko is installed oval oval:org.mitre.oval:def:8352 comment Package OpenOffice_org-mono is installed oval oval:org.mitre.oval:def:8222 comment Package OpenOffice_org-nb is installed oval oval:org.mitre.oval:def:8804 comment Package OpenOffice_org-nl is installed oval oval:org.mitre.oval:def:8611 comment Package OpenOffice_org-nn is installed oval oval:org.mitre.oval:def:8501 comment Package OpenOffice_org-officebean is installed oval oval:org.mitre.oval:def:8541 comment Package OpenOffice_org-pa-IN is installed oval oval:org.mitre.oval:def:8882 comment Package OpenOffice_org-pl is installed oval oval:org.mitre.oval:def:8799 comment Package OpenOffice_org-pt is installed oval oval:org.mitre.oval:def:8664 comment Package OpenOffice_org-pt-BR is installed oval oval:org.mitre.oval:def:8886 comment Package OpenOffice_org-ru is installed oval oval:org.mitre.oval:def:8389 comment Package OpenOffice_org-sk is installed oval oval:org.mitre.oval:def:8244 comment Package OpenOffice_org-sl is installed oval oval:org.mitre.oval:def:9181 comment Package OpenOffice_org-sv is installed oval oval:org.mitre.oval:def:8860 comment Package OpenOffice_org-tr is installed oval oval:org.mitre.oval:def:8707 comment Package OpenOffice_org-vi is installed oval oval:org.mitre.oval:def:8288 comment Package OpenOffice_org-xh is installed oval oval:org.mitre.oval:def:8477 comment Package OpenOffice_org-zh-CN is installed oval oval:org.mitre.oval:def:8995 comment Package OpenOffice_org-zh-TW is installed oval oval:org.mitre.oval:def:9146 comment Package OpenOffice_org-zu is installed oval oval:org.mitre.oval:def:8269 comment SUSE Linux Professional 9.3 is installed oval oval:org.mitre.oval:def:2044 comment Package OpenOffice_org1 is installed oval oval:org.mitre.oval:def:8264 comment Package OpenOffice_org1-ar is installed oval oval:org.mitre.oval:def:8777 comment Package OpenOffice_org1-ca is installed oval oval:org.mitre.oval:def:8915 comment Package OpenOffice_org1-cs is installed oval oval:org.mitre.oval:def:8357 comment Package OpenOffice_org1-da is installed oval oval:org.mitre.oval:def:8308 comment Package OpenOffice_org1-de is installed oval oval:org.mitre.oval:def:8533 comment Package OpenOffice_org1-el is installed oval oval:org.mitre.oval:def:8652 comment Package OpenOffice_org1-en is installed oval oval:org.mitre.oval:def:8958 comment Package OpenOffice_org1-es is installed oval oval:org.mitre.oval:def:8705 comment Package OpenOffice_org1-et is installed oval oval:org.mitre.oval:def:8681 comment Package OpenOffice_org1-fi is installed oval oval:org.mitre.oval:def:8815 comment Package OpenOffice_org1-fr is installed oval oval:org.mitre.oval:def:8672 comment Package OpenOffice_org1-gnome is installed oval oval:org.mitre.oval:def:8342 comment Package OpenOffice_org1-hu is installed oval oval:org.mitre.oval:def:8380 comment Package OpenOffice_org1-it is installed oval oval:org.mitre.oval:def:8691 comment Package OpenOffice_org1-ja is installed oval oval:org.mitre.oval:def:9174 comment Package OpenOffice_org1-kde is installed oval oval:org.mitre.oval:def:8774 comment Package OpenOffice_org1-ko is installed oval oval:org.mitre.oval:def:9070 comment Package OpenOffice_org1-nl is installed oval oval:org.mitre.oval:def:9192 comment Package OpenOffice_org1-pl is installed oval oval:org.mitre.oval:def:8502 comment Package OpenOffice_org1-pt is installed oval oval:org.mitre.oval:def:8906 comment Package OpenOffice_org1-ru is installed oval oval:org.mitre.oval:def:9169 comment Package OpenOffice_org1-sk is installed oval oval:org.mitre.oval:def:8903 comment Package OpenOffice_org1-sl is installed oval oval:org.mitre.oval:def:8773 comment Package OpenOffice_org1-sv is installed oval oval:org.mitre.oval:def:9168 comment Package OpenOffice_org1-tr is installed oval oval:org.mitre.oval:def:8310 comment Package OpenOffice_org1-zh-CN is installed oval oval:org.mitre.oval:def:8604 comment Package OpenOffice_org1-zh-TW is installed oval oval:org.mitre.oval:def:8999 comment SUSE Linux Enterprise Desktop 10 is installed oval oval:org.mitre.oval:def:2106
description Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records. family unix id oval:org.mitre.oval:def:8280 status accepted submitted 2007-07-22T11:38:47 title OpenOffice_org WMF buffer overflows version 39 accepted 2013-04-29T04:18:19.805-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651 comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990
description Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records. family unix id oval:org.mitre.oval:def:9145 status accepted submitted 2010-07-09T03:56:16-04:00 title Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records. version 26
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-03-14 |
| organization | Red Hat |
| statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc
- http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.htmly
- http://fedoranews.org/cms/node/2344
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0001.html
- http://osvdb.org/32610
- http://osvdb.org/32611
- http://secunia.com/advisories/23549
- http://secunia.com/advisories/23600
- http://secunia.com/advisories/23612
- http://secunia.com/advisories/23616
- http://secunia.com/advisories/23620
- http://secunia.com/advisories/23682
- http://secunia.com/advisories/23683
- http://secunia.com/advisories/23711
- http://secunia.com/advisories/23712
- http://secunia.com/advisories/23762
- http://secunia.com/advisories/23920
- http://security.gentoo.org/glsa/glsa-200701-07.xml
- http://securitytracker.com/id?1017466
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102735-1
- http://www.debian.org/security/2007/dsa-1246
- http://www.kb.cert.org/vuls/id/220288
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:006
- http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite/
- http://www.openoffice.org/issues/show_bug.cgi?id=70042
- http://www.openoffice.org/nonav/issues/showattachment.cgi/39509/alloc.overflows.wmf.patch
- http://www.redhat.com/support/errata/RHSA-2007-0001.html
- http://www.securityfocus.com/archive/1/455943/100/0/threaded
- http://www.securityfocus.com/archive/1/455947/100/0/threaded
- http://www.securityfocus.com/archive/1/455954/100/0/threaded
- http://www.securityfocus.com/archive/1/455964/100/0/threaded
- http://www.securityfocus.com/archive/1/456271/100/100/threaded
- http://www.ubuntu.com/usn/usn-406-1
- http://www.vupen.com/english/advisories/2007/0031
- http://www.vupen.com/english/advisories/2007/0059
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31257
- https://issues.rpath.com/browse/RPL-905
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8280
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9145