CVE-2006-3117

HIGH

Description

Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability."

References

http://fedoranews.org/cms/node/2343

http://secunia.com/advisories/20867

http://secunia.com/advisories/20893

http://secunia.com/advisories/20910

http://secunia.com/advisories/20911

http://secunia.com/advisories/20913

http://secunia.com/advisories/20975

http://secunia.com/advisories/20995

http://secunia.com/advisories/21278

http://secunia.com/advisories/22129

http://secunia.com/advisories/23620

http://security.gentoo.org/glsa/glsa-200607-12.xml

http://securitytracker.com/id?1016414

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102501-1

http://www.debian.org/security/2006/dsa-1104

http://www.mandriva.com/security/advisories?name=MDKSA-2006:118

http://www.ngssoftware.com/advisories/openoffice.txt

http://www.novell.com/linux/security/advisories/2006_40_openoffice.html

http://www.openoffice.org/security/CVE-2006-3117.html

http://www.redhat.com/support/errata/RHSA-2006-0573.html

http://www.securityfocus.com/archive/1/447035/100/0/threaded

http://www.securityfocus.com/bid/18739

http://www.ubuntu.com/usn/usn-313-1

http://www.ubuntu.com/usn/usn-313-2

http://www.vupen.com/english/advisories/2006/2607

http://www.vupen.com/english/advisories/2006/2621

https://exchange.xforce.ibmcloud.com/vulnerabilities/27571

https://issues.rpath.com/browse/RPL-475

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9704

Details

Source: MITRE

Published: 2006-06-30

Updated: 2018-10-18

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 4.9

Severity: HIGH

Tenable Plugins

View all (26 total)

IDNameProductFamilySeverity
107858Solaris 10 (x86) : 120190-23NessusSolaris Local Security Checks
high
107857Solaris 10 (x86) : 120186-23NessusSolaris Local Security Checks
high
107356Solaris 10 (sparc) : 120189-23NessusSolaris Local Security Checks
high
107355Solaris 10 (sparc) : 120185-23NessusSolaris Local Security Checks
high
27889Ubuntu 5.10 : openoffice.org2-amd64, openoffice.org2 vulnerabilities (USN-313-2)NessusUbuntu Local Security Checks
high
27888Ubuntu 5.04 / 6.06 LTS : openoffice.org-amd64, openoffice.org vulnerabilities (USN-313-1)NessusUbuntu Local Security Checks
high
27134openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-1698)NessusSuSE Local Security Checks
high
24184Fedora Core 5 : openoffice.org-2.0.2-5.20.2 / Fedora Core 6 : openoffice.org-2.0.4-5.5.10 (2007-005)NessusFedora Local Security Checks
high
23617Solaris 5.9 (x86) : 120190-19NessusSolaris Local Security Checks
high
23616Solaris 5.9 (x86) : 120186-19NessusSolaris Local Security Checks
high
23558Solaris 5.9 (sparc) : 120189-19NessusSolaris Local Security Checks
high
23557Solaris 5.9 (sparc) : 120185-19NessusSolaris Local Security Checks
high
23468Solaris 5.8 (x86) : 120190-19NessusSolaris Local Security Checks
high
23467Solaris 5.8 (x86) : 120186-19NessusSolaris Local Security Checks
high
23420Solaris 5.8 (sparc) : 120189-19NessusSolaris Local Security Checks
high
23419Solaris 5.8 (sparc) : 120185-19NessusSolaris Local Security Checks
high
22994Solaris 5.10 (x86) : 120190-19NessusSolaris Local Security Checks
high
22993Solaris 5.10 (x86) : 120186-19NessusSolaris Local Security Checks
high
22961Solaris 5.10 (sparc) : 120189-19NessusSolaris Local Security Checks
high
22960Solaris 5.10 (sparc) : 120185-19NessusSolaris Local Security Checks
high
22646Debian DSA-1104-2 : openoffice.org - several vulnerabilitiesNessusDebian Local Security Checks
high
22120GLSA-200607-12 : OpenOffice.org: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
22014Mandrake Linux Security Advisory : OpenOffice.org (MDKSA-2006:118)NessusMandriva Local Security Checks
high
21916RHEL 3 / 4 : openoffice.org (RHSA-2006:0573)NessusRed Hat Local Security Checks
high
21906CentOS 3 / 4 : openoffice.org (CESA-2006:0573)NessusCentOS Local Security Checks
high
21784OpenOffice < 2.0.3 Multiple VulnerabilitiesNessusWindows
high