Vulnerabilities > CVE-2006-6628 - Remote Word File Integer Overflow vulnerability in Openoffice 2.1
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted DOC file, as demonstrated by the 12122006-djtest.doc file, a variant of CVE-2006-6561 in a separate codebase.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Microsoft Word Document (malformed pointer) Proof of Concept. CVE-2006-6561,CVE-2006-6628. Dos exploit for windows platform |
| file | exploits/windows/dos/2922.txt |
| id | EDB-ID:2922 |
| last seen | 2016-01-31 |
| modified | 2006-12-12 |
| platform | windows |
| port | |
| published | 2006-12-12 |
| reporter | DiscoJonny |
| source | https://www.exploit-db.com/download/2922/ |
| title | Microsoft Word Document - malformed pointer Proof of Concept |
| type | dos |
Statements
| contributor | Joshua Bressers |
| lastmodified | 2007-01-15 |
| organization | Red Hat |
| statement | Red Hat does not consider this flaw a security issue. This flaw will only crash OpenOffice.org and presents no possibility for arbitrary code execution. |
References
- http://securityreason.com/securityalert/2043
- http://www.milw0rm.com/sploits/12122006-djtest.doc
- http://www.securityfocus.com/archive/1/454514/100/0/threaded
- http://www.securityfocus.com/archive/1/454545/100/0/threaded
- http://www.securityfocus.com/archive/1/454722/100/0/threaded
- http://www.securityfocus.com/archive/1/454737/100/0/threaded
- http://www.securityfocus.com/bid/21618
- http://www.vupen.com/english/advisories/2006/5051