| Vulnerability Name: | CVE-2006-2198 (CCN-27564) | ||||||||||||||||||||||||||||
| Assigned: | 2006-06-29 | ||||||||||||||||||||||||||||
| Published: | 2006-06-29 | ||||||||||||||||||||||||||||
| Updated: | 2018-10-18 | ||||||||||||||||||||||||||||
| Summary: | OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. | ||||||||||||||||||||||||||||
| CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||||||||||||||||||
| CVSS v2 Severity: | 7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
| ||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-264 | ||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2006-2198 Source: FEDORA Type: UNKNOWN FEDORA-2007-005 Source: CCN Type: RHSA-2006-0573 openoffice.org security update Source: CCN Type: SA20867 OpenOffice Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 20867 Source: SECUNIA Type: Vendor Advisory 20893 Source: SECUNIA Type: Vendor Advisory 20910 Source: CCN Type: SA20911 StarOffice / StarSuite Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 20911 Source: SECUNIA Type: Vendor Advisory 20913 Source: SECUNIA Type: Vendor Advisory 20975 Source: SECUNIA Type: Vendor Advisory 20995 Source: SECUNIA Type: Vendor Advisory 21278 Source: SECUNIA Type: Vendor Advisory 22129 Source: SECUNIA Type: Vendor Advisory 23620 Source: GENTOO Type: UNKNOWN GLSA-200607-12 Source: CCN Type: SECTRACK ID: 1016414 OpenOffice.org Bugs Let Java Scripts Escape the Sandbox, Macro Code Be Executed, or Arbitrary Code Be Executed on the Target System Source: SECTRACK Type: UNKNOWN 1016414 Source: CCN Type: Sun Alert ID: 102490 Security Vulnerability With Macros in StarOffice/StarSuite Source: SUNALERT Type: Patch 102490 Source: CCN Type: ASA-2006-134 openoffice.org security update (RHSA-2006-0573) Source: DEBIAN Type: UNKNOWN DSA-1104 Source: DEBIAN Type: DSA-1104 openoffice.org -- several vulnerabilities Source: CCN Type: GLSA-200607-12 OpenOffice.org: Multiple vulnerabilities Source: CCN Type: US-CERT VU#170113 OpenOffice.org may fail to recognize embedded Basic macros Source: CERT-VN Type: US Government Resource VU#170113 Source: MANDRIVA Type: UNKNOWN MDKSA-2006:118 Source: SUSE Type: UNKNOWN SUSE-SA:2006:040 Source: CCN Type: OpenOffice.org Security Bulletin 2006-06-29 Security Bulletin 2006-06-29 Source: CONFIRM Type: Patch, Vendor Advisory http://www.openoffice.org/security/CVE-2006-2199.html Source: REDHAT Type: UNKNOWN RHSA-2006:0573 Source: BUGTRAQ Type: UNKNOWN 20060926 rPSA-2006-0173-1 openoffice.org Source: BID Type: UNKNOWN 18738 Source: CCN Type: BID-18738 OpenOffice Arbitrary Macro Execution Vulnerability Source: CCN Type: TLSA-2006-13 StarSuite 8 Product Update 3-2 Source: CCN Type: USN-313-1 OpenOffice.org vulnerabilities Source: UBUNTU Type: UNKNOWN USN-313-1 Source: CCN Type: USN-313-2 OpenOffice.org vulnerabilities Source: UBUNTU Type: UNKNOWN USN-313-2 Source: VUPEN Type: Vendor Advisory ADV-2006-2607 Source: VUPEN Type: Vendor Advisory ADV-2006-2621 Source: XF Type: UNKNOWN openoffice-macro-code-execution(27564) Source: XF Type: UNKNOWN openoffice-macro-code-execution(27564) Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-475 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11082 Source: SUSE Type: SUSE-SA:2006:040 OpenOffice_org security problems | ||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||