| Vulnerability Name: | CVE-2006-5870 (CCN-31257) | ||||||||||||||||||||||||
| Assigned: | 2006-12-31 | ||||||||||||||||||||||||
| Published: | 2006-12-31 | ||||||||||||||||||||||||
| Updated: | 2018-10-17 | ||||||||||||||||||||||||
| Summary: | Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records. | ||||||||||||||||||||||||
| CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||||||||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||
| Vulnerability Type: | CWE-189 | ||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||
| References: | Source: SGI Type: UNKNOWN 20070101-01-P Source: CCN Type: Full-Disclosure Mailing List, Wed Jan 03 2007 - 21:41:27 CST OpenOffice.org issued a WMF code execution fix Source: VULNWATCH Type: UNKNOWN 20070104 High Risk Vulnerability in the OpenOffice and StarOffice Suites Source: MITRE Type: CNA CVE-2006-5870 Source: FEDORA Type: UNKNOWN FEDORA-2007-005 Source: SUSE Type: UNKNOWN SUSE-SA:2007:001 Source: OSVDB Type: UNKNOWN 32610 Source: OSVDB Type: UNKNOWN 32611 Source: CCN Type: RHSA-2007-0001 Important: openoffice.org security update Source: SECUNIA Type: Vendor Advisory 23549 Source: CCN Type: SA23600 StarOffice WMF/EMF Processing Buffer Overflow Vulnerabilities Source: SECUNIA Type: Vendor Advisory 23600 Source: CCN Type: SA23612 OpenOffice WMF/EMF Processing Buffer Overflow Vulnerabilities Source: SECUNIA Type: Vendor Advisory 23612 Source: SECUNIA Type: Vendor Advisory 23616 Source: SECUNIA Type: Vendor Advisory 23620 Source: SECUNIA Type: Vendor Advisory 23682 Source: SECUNIA Type: Vendor Advisory 23683 Source: SECUNIA Type: Vendor Advisory 23711 Source: SECUNIA Type: Vendor Advisory 23712 Source: SECUNIA Type: Vendor Advisory 23762 Source: SECUNIA Type: Vendor Advisory 23920 Source: GENTOO Type: UNKNOWN GLSA-200701-07 Source: CCN Type: SECTRACK ID: 1017466 OpenOffice.org Office Suite Integer Overflow in Processing WMF/EMF Files Lets Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1017466 Source: CCN Type: Sun Alert ID: 102735 Security Vulnerability With StarOffice/StarSuite Versions 6, 7 and 8 Related to the '.wmf' File Format Source: SUNALERT Type: UNKNOWN 102735 Source: CCN Type: ASA-2007-016 OpenOffice.org security update (RHSA-2007-0001) Source: CCN Type: ASA-2007-035 Security Vulnerability With StarOffice/StarSuite Versions 6 7 and 8 Related to the .wmf File Format (SUN 102735) Source: DEBIAN Type: UNKNOWN DSA-1246 Source: DEBIAN Type: DSA-1246 openoffice.org -- buffer overflow Source: CCN Type: GLSA-200701-07 OpenOffice.org: EMF/WMF file handling vulnerabilities Source: CCN Type: US-CERT VU#220288 OpenOffice fails to properly process WMF and EMF files Source: CERT-VN Type: US Government Resource VU#220288 Source: MANDRIVA Type: UNKNOWN MDKSA-2007:006 Source: CCN Type: NGSSoftware Advisory January 4th, 2007 High Risk Vulnerabilities in the StarOffice Suite Source: MISC Type: UNKNOWN http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite/ Source: CCN Type: OpenOffice.org Web site OpenOffice.org Source: CCN Type: OpenOffice.org Issue 70042 catch out out bounds wmf/emf values Source: CONFIRM Type: Patch http://www.openoffice.org/issues/show_bug.cgi?id=70042 Source: CONFIRM Type: UNKNOWN http://www.openoffice.org/nonav/issues/showattachment.cgi/39509/alloc.overflows.wmf.patch Source: CCN Type: OSVDB ID: 32610 OpenOffice.org (OOo) wmf/winwmf.cxx WMF META_ESCAPE Record Parsing Overflow Source: CCN Type: OSVDB ID: 32611 OpenOffice.org (OOo) wmf/enhwmf.cxx EMF Multiple Record Handling Overflow Source: REDHAT Type: Patch, Vendor Advisory RHSA-2007:0001 Source: BUGTRAQ Type: UNKNOWN 20070104 Correction (High Risk Vulnerability in the OpenOffice and StarOffice Suites) Source: BUGTRAQ Type: UNKNOWN 20070104 Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites Source: BUGTRAQ Type: UNKNOWN 20070104 Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites Source: BUGTRAQ Type: UNKNOWN 20070104 High Risk Vulnerability in the OpenOffice and StarOffice Suites Source: BUGTRAQ Type: UNKNOWN 20070108 rPSA-2007-0001-1 openoffice.org Source: CCN Type: USN-406-1 OpenOffice.org vulnerability Source: UBUNTU Type: UNKNOWN USN-406-1 Source: VUPEN Type: Vendor Advisory ADV-2007-0031 Source: VUPEN Type: Vendor Advisory ADV-2007-0059 Source: XF Type: UNKNOWN openoffice-wmf-emf-bo(31257) Source: XF Type: UNKNOWN openoffice-wmf-bo(31257) Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-905 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:8280 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9145 Source: SUSE Type: SUSE-SA:2007:001 OpenOffice_org WMF buffer overflows | ||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||