Vulnerability Name:

CVE-2006-2197 (CCN-27184)

Assigned: 2006-06-12
Published: 2006-06-12
Updated: 2018-10-03
Summary: Integer overflow in wv2 before 0.2.3 might allow context-dependent attackers to execute arbitrary code via a crafted Microsoft Word document.
This vulnerability is addressed in the following product release:
Debian, wv2, 0.2.2-1
CVSS v3 Severity: 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): Low
  User Interaction (UI): Required
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): Low
  Availability (A): Low
CVSS v2 Severity: 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): Single_Instance
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
CVSS v2 Severity: 6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): Single_Instance
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
Vulnerability Type: CWE-189
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2006-2197

Source: CCN
Type: SA20665
wvWare wv2 Library Integer Overflow Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
20665

Source: SECUNIA
Type: Patch, Vendor Advisory
20688

Source: SECUNIA
Type: Patch, Vendor Advisory
20689

Source: SECUNIA
Type: Vendor Advisory
20826

Source: SECUNIA
Type: Vendor Advisory
20844

Source: SECUNIA
Type: Vendor Advisory
20899

Source: CCN
Type: SECTRACK ID: 1016313
wvWare wv2 Integer Overflow in Processing Word Documents Permits Code Execution

Source: SECTRACK
Type: UNKNOWN
1016313

Source: CCN
Type: SourceForge.net: Files
wvWare - File Release Notes and Changelog - Release Name: 0.2.3

Source: CONFIRM
Type: UNKNOWN
http://sourceforge.net/project/shownotes.php?group_id=10501&release_id=424094

Source: CCN
Type: SourceForge.net
wvWare

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-1100

Source: DEBIAN
Type: DSA-1100
wv2 -- integer overflow

Source: CCN
Type: GLSA-200606-24
wv2: Integer overflow

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200606-24

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:109

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:015

Source: CCN
Type: OSVDB ID: 26512
wvWare wv2 Library Overflow

Source: BID
Type: Patch
18437

Source: CCN
Type: BID-18437
wv2 Remote Buffer Overflow Vulnerability

Source: CCN
Type: USN-300-1
wv2 vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2006-2350

Source: XF
Type: UNKNOWN
wvware-wv2-word-overflow(27184)

Source: UBUNTU
Type: UNKNOWN
USN-300-1

Source: SUSE
Type: SUSE-SR:2006:015
SUSE Security Summary Report

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:wvware:wv2:0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:wvware:wv2:*:*:*:*:*:*:*:* (Version <= 0.2.3)

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID                              Class  Title             Last Modified
    oval:org.opensuse.security:def:20062197    V      CVE-2006-2197     2015-11-16
    oval:org.debian:def:1100                   V      integer overflow  2006-06-15
    wvware wv2 0.2.2
    wvware wv2 *