ID CVE-2006-4513
Summary Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetLFO_PLF function.
References
Vulnerable Configurations
  • cpe:2.3:a:wvware:wvware:1.2.2
CVSS
Base: 5.1 (as of 30-10-2006 - 16:27)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: HIGH
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200612-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-200612-01 (wv library: Multiple integer overflows) The wv library fails to do proper arithmetic checks in multiple places, possibly leading to integer overflows. Impact : An attacker could craft a malicious file that, when handled with the wv library, could lead to the execution of arbitrary code with the permissions of the user running the application. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 23795
    published 2006-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23795
    title GLSA-200612-01 : wv library: Multiple integer overflows
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-374-1.NASL
    description An integer overflow was discovered in the DOC file parser of the wv library. By tricking a user into opening a specially crafted MSWord (.DOC) file, remote attackers could execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27955
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27955
    title Ubuntu 6.10 : wv vulnerability (USN-374-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_WV-2280.NASL
    description Two integer overflows were found in the Microsoft Word converter library 'wv', which could potentially be used to crash programs using this library or to even execute code. - A LVL Count Integer Overflow Vulnerability was fixed. - A LFO Count Integer Overflow Vulnerability was fixed. Both problems have been assigned the Mitre CVE ID CVE-2006-4513.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29595
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29595
    title SuSE 10 Security Update : wv (ZYPP Patch Number 2280)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-202.NASL
    description Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetLFO_PLF function. Updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24587
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24587
    title Mandrake Linux Security Advisory : wv (MDKSA-2006:202)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_WV-2279.NASL
    description Two integer overflows were found in the Microsoft Word converter library 'wv', which could potentially be used to crash programs using this library or to even execute code. - A LVL Count Integer Overflow Vulnerability was fixed. - A LFO Count Integer Overflow Vulnerability was fixed. Both problems have been assigned the Mitre CVE ID CVE-2006-4513.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27479
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27479
    title openSUSE 10 Security Update : wv (wv-2279)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_D29DC5068AA611DBBD0D00123FFE8333.NASL
    description Secunia reports : Some vulnerabilities have been reported in wvWare, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerabilities are caused due to integer overflows within the 'wvGetLFO_records()' and 'wvGetLFO_PLF()' functions. These can be exploited to cause heap-based buffer overflows by e.g. tricking a user to open a specially crafted Microsoft Word document with an application using the library.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 23851
    published 2006-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23851
    title FreeBSD : wv -- Multiple Integer Overflow Vulnerabilities (d29dc506-8aa6-11db-bd0d-00123ffe8333)
refmap via4
bid 20761
gentoo GLSA-200612-01
idefense
  • 20061026 Multiple Vendor wvWare LFO Count Integer Overflow Vulnerability
  • 20061026 Multiple Vendor wvWare LVL Count Integer Overflow Vulnerability
mandriva MDKSA-2006:202
sectrack 1017126
secunia
  • 22595
  • 22680
  • 22705
  • 23273
  • 23335
suse SUSE-SR:2006:028
ubuntu USN-374-1
vupen ADV-2006-4221
xf wvware-lfo-lvl-overflow(29833)
statements via4
contributor Mark J Cox
lastmodified 2007-02-09
organization Red Hat
statement Not vulnerable. This issue did not affect versions of wvWare library included in koffice packages as shipped with Red Hat Enterprise Linux 2.1
Last major update 07-03-2011 - 21:41
Published 27-10-2006 - 20:07
Last modified 19-07-2017 - 21:33