CVE-2006-5870

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.

References

ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc

http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.htmly

http://fedoranews.org/cms/node/2344

http://lists.suse.com/archive/suse-security-announce/2007-Jan/0001.html

http://osvdb.org/32610

http://osvdb.org/32611

http://secunia.com/advisories/23549

http://secunia.com/advisories/23600

http://secunia.com/advisories/23612

http://secunia.com/advisories/23616

http://secunia.com/advisories/23620

http://secunia.com/advisories/23682

http://secunia.com/advisories/23683

http://secunia.com/advisories/23711

http://secunia.com/advisories/23712

http://secunia.com/advisories/23762

http://secunia.com/advisories/23920

http://security.gentoo.org/glsa/glsa-200701-07.xml

http://securitytracker.com/id?1017466

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102735-1

http://www.debian.org/security/2007/dsa-1246

http://www.kb.cert.org/vuls/id/220288

http://www.mandriva.com/security/advisories?name=MDKSA-2007:006

http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite/

http://www.openoffice.org/issues/show_bug.cgi?id=70042

http://www.openoffice.org/nonav/issues/showattachment.cgi/39509/alloc.overflows.wmf.patch

http://www.redhat.com/support/errata/RHSA-2007-0001.html

http://www.securityfocus.com/archive/1/455943/100/0/threaded

http://www.securityfocus.com/archive/1/455947/100/0/threaded

http://www.securityfocus.com/archive/1/455954/100/0/threaded

http://www.securityfocus.com/archive/1/455964/100/0/threaded

http://www.securityfocus.com/archive/1/456271/100/100/threaded

http://www.ubuntu.com/usn/usn-406-1

http://www.vupen.com/english/advisories/2007/0031

http://www.vupen.com/english/advisories/2007/0059

https://exchange.xforce.ibmcloud.com/vulnerabilities/31257

https://issues.rpath.com/browse/RPL-905

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8280

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9145

Details

Source: MITRE

Published: 2006-12-31

Updated: 2018-10-17

Type: CWE-189

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

View all (26 total)

IDNameProductFamilySeverity
107858Solaris 10 (x86) : 120190-23NessusSolaris Local Security Checks
high
107857Solaris 10 (x86) : 120186-23NessusSolaris Local Security Checks
high
107356Solaris 10 (sparc) : 120189-23NessusSolaris Local Security Checks
high
107355Solaris 10 (sparc) : 120185-23NessusSolaris Local Security Checks
high
67433Oracle Linux 4 : openoffice.org (ELSA-2007-0001)NessusOracle Linux Local Security Checks
high
29364SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 2407)NessusSuSE Local Security Checks
high
27994Ubuntu 5.10 / 6.06 LTS : openoffice.org/-amd64, openoffice.org2/-amd64 vulnerability (USN-406-1)NessusUbuntu Local Security Checks
high
27135openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-2408)NessusSuSE Local Security Checks
high
24622Mandrake Linux Security Advisory : openoffice.org (MDKSA-2007:006)NessusMandriva Local Security Checks
high
24205GLSA-200701-07 : OpenOffice.org: EMF/WMF file handling vulnerabilitiesNessusGentoo Local Security Checks
high
24184Fedora Core 5 : openoffice.org-2.0.2-5.20.2 / Fedora Core 6 : openoffice.org-2.0.4-5.5.10 (2007-005)NessusFedora Local Security Checks
high
24006Debian DSA-1246-1 : openoffice.org - buffer overflowNessusDebian Local Security Checks
high
23993RHEL 3 / 4 : openoffice.org (RHSA-2007:0001)NessusRed Hat Local Security Checks
high
23984CentOS 3 / 4 : openoffice.org (CESA-2007:0001)NessusCentOS Local Security Checks
high
23617Solaris 5.9 (x86) : 120190-19NessusSolaris Local Security Checks
high
23616Solaris 5.9 (x86) : 120186-19NessusSolaris Local Security Checks
high
23558Solaris 5.9 (sparc) : 120189-19NessusSolaris Local Security Checks
high
23557Solaris 5.9 (sparc) : 120185-19NessusSolaris Local Security Checks
high
23468Solaris 5.8 (x86) : 120190-19NessusSolaris Local Security Checks
high
23467Solaris 5.8 (x86) : 120186-19NessusSolaris Local Security Checks
high
23420Solaris 5.8 (sparc) : 120189-19NessusSolaris Local Security Checks
high
23419Solaris 5.8 (sparc) : 120185-19NessusSolaris Local Security Checks
high
22994Solaris 5.10 (x86) : 120190-19NessusSolaris Local Security Checks
high
22993Solaris 5.10 (x86) : 120186-19NessusSolaris Local Security Checks
high
22961Solaris 5.10 (sparc) : 120189-19NessusSolaris Local Security Checks
high
22960Solaris 5.10 (sparc) : 120185-19NessusSolaris Local Security Checks
high