Mandrake Linux Security Advisory : wv (MDKSA-2006:202)
Medium Nessus Plugin ID 24587
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionMultiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord?, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function.
Updated packages have been patched to correct these issues.
SolutionUpdate the affected packages.