ID CVE-2006-5870
Summary Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.
References
Vulnerable Configurations
  • cpe:2.3:a:openoffice:openoffice:2.0.4
    cpe:2.3:a:openoffice:openoffice:2.0.4
  • Sun StarOffice 6.0
    cpe:2.3:a:sun:staroffice:6.0
  • Sun StarOffice 7.0
    cpe:2.3:a:sun:staroffice:7.0
  • Sun StarOffice 8.0
    cpe:2.3:a:sun:staroffice:8.0
CVSS
Base: 9.3 (as of 04-01-2007 - 09:27)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-005.NASL
    description Rectifies an error patch condition where by corrupt wmf/emf files with out of bounds values in the emf/wmf file could enable an attacker by constructing a malicious file to execute arbitrary code if opened in OpenOffice by a victim. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 24184
    published 2007-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24184
    title Fedora Core 5 : openoffice.org-2.0.2-5.20.2 / Fedora Core 6 : openoffice.org-2.0.4-5.5.10 (2007-005)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENOFFICE_ORG-2407.NASL
    description Following security problem was fixed in OpenOffice_org : - Bufferoverflows in WMF and Enhanced WMF handling in OpenOffice_org could be used to potentially execute code or crash OpenOffice_org. It is necessary that the user can be tricked to open a prepared document. (CVE-2006-5870) This update also adds code to later hook in the OfficeXML converter (odf-converter.sf.net).
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29364
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29364
    title SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 2407)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0001.NASL
    description Updated openoffice.org packages are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. Several integer overflow bugs were found in the OpenOffice.org WMF file processor. An attacker could create a carefully crafted WMF file that could cause OpenOffice.org to execute arbitrary code when the file was opened by a victim. (CVE-2006-5870) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain a backported fix for this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 23993
    published 2007-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23993
    title RHEL 3 / 4 : openoffice.org (RHSA-2007:0001)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0001.NASL
    description Updated openoffice.org packages are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. Several integer overflow bugs were found in the OpenOffice.org WMF file processor. An attacker could create a carefully crafted WMF file that could cause OpenOffice.org to execute arbitrary code when the file was opened by a victim. (CVE-2006-5870) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain a backported fix for this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 23984
    published 2007-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23984
    title CentOS 3 / 4 : openoffice.org (CESA-2007:0001)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-006.NASL
    description Several integer overflows were discovered in the OpenOffice.org WMF file processor. An attacker could create a carefully crafted WMF file that would cause OpenOffice.org to execute arbitrary code when opened. Updated packages are patched to address this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24622
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24622
    title Mandrake Linux Security Advisory : openoffice.org (MDKSA-2007:006)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_120190.NASL
    description StarSuite 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/11/09
    last seen 2018-09-01
    modified 2018-08-22
    plugin id 22994
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22994
    title Solaris 5.10 (x86) : 120190-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_120185-23.NASL
    description StarOffice 8 (Solaris): Update 18. Date this patch was last updated by Sun : Mar/15/11
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107355
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107355
    title Solaris 10 (sparc) : 120185-23
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_120189.NASL
    description StarSuite 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 23558
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23558
    title Solaris 5.9 (sparc) : 120189-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_120186.NASL
    description StarOffice 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/10/09
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 23467
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23467
    title Solaris 5.8 (x86) : 120186-19
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENOFFICE_ORG-2408.NASL
    description Following security problem was fixed in OpenOffice_org : CVE-2006-5870: Bufferoverflows in WMF and Enhanced WMF handling in OpenOffice_org could be used to potentially execute code or crash OpenOffice_org. It is necessary that the user can be tricked to open a prepared document. This update also adds code to later hook in the OfficeXML converter (odf-converter.sf.net).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27135
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27135
    title openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-2408)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200701-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-200701-07 (OpenOffice.org: EMF/WMF file handling vulnerabilities) John Heasman of NGSSoftware has discovered integer overflows in the EMR_POLYPOLYGON and EMR_POLYPOLYGON16 processing and an error within the handling of META_ESCAPE records. Impact : An attacker could exploit these vulnerabilities to cause heap overflows and potentially execute arbitrary code with the privileges of the user running OpenOffice.org by enticing the user to open a document containing a malicious WMF/EMF file. Workaround : There is no known workaround known at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 24205
    published 2007-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24205
    title GLSA-200701-07 : OpenOffice.org: EMF/WMF file handling vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0001.NASL
    description From Red Hat Security Advisory 2007:0001 : Updated openoffice.org packages are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. Several integer overflow bugs were found in the OpenOffice.org WMF file processor. An attacker could create a carefully crafted WMF file that could cause OpenOffice.org to execute arbitrary code when the file was opened by a victim. (CVE-2006-5870) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain a backported fix for this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67433
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67433
    title Oracle Linux 4 : openoffice.org (ELSA-2007-0001)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_120189.NASL
    description StarSuite 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
    last seen 2018-09-02
    modified 2018-08-22
    plugin id 22961
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22961
    title Solaris 5.10 (sparc) : 120189-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_120185.NASL
    description StarOffice 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 23419
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23419
    title Solaris 5.8 (sparc) : 120185-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_120186-23.NASL
    description StarOffice 8 (Solaris_x86): Update 18. Date this patch was last updated by Sun : Mar/15/11
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107857
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107857
    title Solaris 10 (x86) : 120186-23
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_120190-23.NASL
    description StarSuite 8 (Solaris_x86): Update 18. Date this patch was last updated by Sun : Mar/15/11
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107858
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107858
    title Solaris 10 (x86) : 120190-23
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1246.NASL
    description John Heasman from Next Generation Security Software discovered a heap overflow in the handling of Windows Metafiles in OpenOffice.org, the free office suite, which could lead to a denial of service and potentially execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 24006
    published 2007-01-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24006
    title Debian DSA-1246-1 : openoffice.org - buffer overflow
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_120186.NASL
    description StarOffice 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/10/09
    last seen 2018-09-01
    modified 2018-08-22
    plugin id 22993
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22993
    title Solaris 5.10 (x86) : 120186-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_120189-23.NASL
    description StarSuite 8 (Solaris): Update 18. Date this patch was last updated by Sun : Mar/15/11
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107356
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107356
    title Solaris 10 (sparc) : 120189-23
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-406-1.NASL
    description An integer overflow was discovered in OpenOffice.org's handling of WMF files. If a user were tricked into opening a specially crafted WMF file, an attacker could execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 27994
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27994
    title Ubuntu 5.10 / 6.06 LTS : openoffice.org/-amd64, openoffice.org2/-amd64 vulnerability (USN-406-1)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_120190.NASL
    description StarSuite 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/11/09
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 23617
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23617
    title Solaris 5.9 (x86) : 120190-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_120185.NASL
    description StarOffice 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
    last seen 2018-09-02
    modified 2018-08-22
    plugin id 22960
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22960
    title Solaris 5.10 (sparc) : 120185-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_120190.NASL
    description StarSuite 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/11/09
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 23468
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23468
    title Solaris 5.8 (x86) : 120190-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_120189.NASL
    description StarSuite 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 23420
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23420
    title Solaris 5.8 (sparc) : 120189-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_120185.NASL
    description StarOffice 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 23557
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23557
    title Solaris 5.9 (sparc) : 120185-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_120186.NASL
    description StarOffice 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/10/09
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 23616
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23616
    title Solaris 5.9 (x86) : 120186-19
oval via4
  • accepted 2014-06-09T04:01:48.851-04:00
    class vulnerability
    contributors
    • name Thomas R. Jones
      organization Maitreya Security
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jerome Athias
      organization McAfee, Inc.
    definition_extensions
    • comment Novell Linux Desktop 9 is installed
      oval oval:org.mitre.oval:def:2090
    • comment SUSE Linux Desktop 1.0 is installed
      oval oval:org.mitre.oval:def:1366
    • comment SUSE Linux 10.1 is installed
      oval oval:org.mitre.oval:def:2157
    • comment Package OpenOffice_org is installed
      oval oval:org.mitre.oval:def:8865
    • comment Package OpenOffice_org-gnome is installed
      oval oval:org.mitre.oval:def:8914
    • comment Package OpenOffice_org-kde is installed
      oval oval:org.mitre.oval:def:9199
    • comment Package OpenOffice_org-mono is installed
      oval oval:org.mitre.oval:def:8222
    • comment Package OpenOffice_org-officebean is installed
      oval oval:org.mitre.oval:def:8541
    • comment SUSE Linux 10.0 is installed
      oval oval:org.mitre.oval:def:2027
    • comment Package OpenOffice_org is installed
      oval oval:org.mitre.oval:def:8865
    • comment Package OpenOffice_org-af is installed
      oval oval:org.mitre.oval:def:8974
    • comment Package OpenOffice_org-ar is installed
      oval oval:org.mitre.oval:def:8663
    • comment Package OpenOffice_org-be-BY is installed
      oval oval:org.mitre.oval:def:8432
    • comment Package OpenOffice_org-bg is installed
      oval oval:org.mitre.oval:def:8403
    • comment Package OpenOffice_org-ca is installed
      oval oval:org.mitre.oval:def:8887
    • comment Package OpenOffice_org-cs is installed
      oval oval:org.mitre.oval:def:8733
    • comment Package OpenOffice_org-cy is installed
      oval oval:org.mitre.oval:def:8329
    • comment Package OpenOffice_org-da is installed
      oval oval:org.mitre.oval:def:8998
    • comment Package OpenOffice_org-de is installed
      oval oval:org.mitre.oval:def:8688
    • comment Package OpenOffice_org-el is installed
      oval oval:org.mitre.oval:def:8801
    • comment Package OpenOffice_org-en-GB is installed
      oval oval:org.mitre.oval:def:8829
    • comment Package OpenOffice_org-es is installed
      oval oval:org.mitre.oval:def:8583
    • comment Package OpenOffice_org-et is installed
      oval oval:org.mitre.oval:def:8678
    • comment Package OpenOffice_org-fi is installed
      oval oval:org.mitre.oval:def:8451
    • comment Package OpenOffice_org-fr is installed
      oval oval:org.mitre.oval:def:8215
    • comment Package OpenOffice_org-galleries is installed
      oval oval:org.mitre.oval:def:8997
    • comment Package OpenOffice_org-gnome is installed
      oval oval:org.mitre.oval:def:8914
    • comment Package OpenOffice_org-gu-IN is installed
      oval oval:org.mitre.oval:def:8341
    • comment Package OpenOffice_org-hr is installed
      oval oval:org.mitre.oval:def:8715
    • comment Package OpenOffice_org-hu is installed
      oval oval:org.mitre.oval:def:8228
    • comment Package OpenOffice_org-hunspell is installed
      oval oval:org.mitre.oval:def:8892
    • comment Package OpenOffice_org-it is installed
      oval oval:org.mitre.oval:def:9104
    • comment Package OpenOffice_org-ja is installed
      oval oval:org.mitre.oval:def:8987
    • comment Package OpenOffice_org-kde is installed
      oval oval:org.mitre.oval:def:9199
    • comment Package OpenOffice_org-ko is installed
      oval oval:org.mitre.oval:def:8352
    • comment Package OpenOffice_org-mono is installed
      oval oval:org.mitre.oval:def:8222
    • comment Package OpenOffice_org-nb is installed
      oval oval:org.mitre.oval:def:8804
    • comment Package OpenOffice_org-nl is installed
      oval oval:org.mitre.oval:def:8611
    • comment Package OpenOffice_org-nn is installed
      oval oval:org.mitre.oval:def:8501
    • comment Package OpenOffice_org-officebean is installed
      oval oval:org.mitre.oval:def:8541
    • comment Package OpenOffice_org-pa-IN is installed
      oval oval:org.mitre.oval:def:8882
    • comment Package OpenOffice_org-pl is installed
      oval oval:org.mitre.oval:def:8799
    • comment Package OpenOffice_org-pt is installed
      oval oval:org.mitre.oval:def:8664
    • comment Package OpenOffice_org-pt-BR is installed
      oval oval:org.mitre.oval:def:8886
    • comment Package OpenOffice_org-ru is installed
      oval oval:org.mitre.oval:def:8389
    • comment Package OpenOffice_org-sk is installed
      oval oval:org.mitre.oval:def:8244
    • comment Package OpenOffice_org-sl is installed
      oval oval:org.mitre.oval:def:9181
    • comment Package OpenOffice_org-sv is installed
      oval oval:org.mitre.oval:def:8860
    • comment Package OpenOffice_org-tr is installed
      oval oval:org.mitre.oval:def:8707
    • comment Package OpenOffice_org-vi is installed
      oval oval:org.mitre.oval:def:8288
    • comment Package OpenOffice_org-xh is installed
      oval oval:org.mitre.oval:def:8477
    • comment Package OpenOffice_org-zh-CN is installed
      oval oval:org.mitre.oval:def:8995
    • comment Package OpenOffice_org-zh-TW is installed
      oval oval:org.mitre.oval:def:9146
    • comment Package OpenOffice_org-zu is installed
      oval oval:org.mitre.oval:def:8269
    • comment SUSE Linux Professional 9.3 is installed
      oval oval:org.mitre.oval:def:2044
    • comment Package OpenOffice_org1 is installed
      oval oval:org.mitre.oval:def:8264
    • comment Package OpenOffice_org1-ar is installed
      oval oval:org.mitre.oval:def:8777
    • comment Package OpenOffice_org1-ca is installed
      oval oval:org.mitre.oval:def:8915
    • comment Package OpenOffice_org1-cs is installed
      oval oval:org.mitre.oval:def:8357
    • comment Package OpenOffice_org1-da is installed
      oval oval:org.mitre.oval:def:8308
    • comment Package OpenOffice_org1-de is installed
      oval oval:org.mitre.oval:def:8533
    • comment Package OpenOffice_org1-el is installed
      oval oval:org.mitre.oval:def:8652
    • comment Package OpenOffice_org1-en is installed
      oval oval:org.mitre.oval:def:8958
    • comment Package OpenOffice_org1-es is installed
      oval oval:org.mitre.oval:def:8705
    • comment Package OpenOffice_org1-et is installed
      oval oval:org.mitre.oval:def:8681
    • comment Package OpenOffice_org1-fi is installed
      oval oval:org.mitre.oval:def:8815
    • comment Package OpenOffice_org1-fr is installed
      oval oval:org.mitre.oval:def:8672
    • comment Package OpenOffice_org1-gnome is installed
      oval oval:org.mitre.oval:def:8342
    • comment Package OpenOffice_org1-hu is installed
      oval oval:org.mitre.oval:def:8380
    • comment Package OpenOffice_org1-it is installed
      oval oval:org.mitre.oval:def:8691
    • comment Package OpenOffice_org1-ja is installed
      oval oval:org.mitre.oval:def:9174
    • comment Package OpenOffice_org1-kde is installed
      oval oval:org.mitre.oval:def:8774
    • comment Package OpenOffice_org1-ko is installed
      oval oval:org.mitre.oval:def:9070
    • comment Package OpenOffice_org1-nl is installed
      oval oval:org.mitre.oval:def:9192
    • comment Package OpenOffice_org1-pl is installed
      oval oval:org.mitre.oval:def:8502
    • comment Package OpenOffice_org1-pt is installed
      oval oval:org.mitre.oval:def:8906
    • comment Package OpenOffice_org1-ru is installed
      oval oval:org.mitre.oval:def:9169
    • comment Package OpenOffice_org1-sk is installed
      oval oval:org.mitre.oval:def:8903
    • comment Package OpenOffice_org1-sl is installed
      oval oval:org.mitre.oval:def:8773
    • comment Package OpenOffice_org1-sv is installed
      oval oval:org.mitre.oval:def:9168
    • comment Package OpenOffice_org1-tr is installed
      oval oval:org.mitre.oval:def:8310
    • comment Package OpenOffice_org1-zh-CN is installed
      oval oval:org.mitre.oval:def:8604
    • comment Package OpenOffice_org1-zh-TW is installed
      oval oval:org.mitre.oval:def:8999
    • comment SUSE Linux Enterprise Desktop 10 is installed
      oval oval:org.mitre.oval:def:2106
    description Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.
    family unix
    id oval:org.mitre.oval:def:8280
    status accepted
    submitted 2007-07-22T11:38:47
    title OpenOffice_org WMF buffer overflows
    version 35
  • accepted 2013-04-29T04:18:19.805-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.
    family unix
    id oval:org.mitre.oval:def:9145
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.
    version 23
redhat via4
advisories
bugzilla
id 217347
title CVE-2006-5870 WMF heap overflow
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • OR
      • AND
        • comment openoffice.org is earlier than 0:1.1.2-35.2.0.EL3
          oval oval:com.redhat.rhsa:tst:20070001002
        • comment openoffice.org is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070001003
      • AND
        • comment openoffice.org-i18n is earlier than 0:1.1.2-35.2.0.EL3
          oval oval:com.redhat.rhsa:tst:20070001006
        • comment openoffice.org-i18n is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070001007
      • AND
        • comment openoffice.org-libs is earlier than 0:1.1.2-35.2.0.EL3
          oval oval:com.redhat.rhsa:tst:20070001004
        • comment openoffice.org-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070001005
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment openoffice.org is earlier than 0:1.1.5-6.6.0.EL4
          oval oval:com.redhat.rhsa:tst:20070001009
        • comment openoffice.org is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070001003
      • AND
        • comment openoffice.org-i18n is earlier than 0:1.1.5-6.6.0.EL4
          oval oval:com.redhat.rhsa:tst:20070001010
        • comment openoffice.org-i18n is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070001007
      • AND
        • comment openoffice.org-kde is earlier than 0:1.1.5-6.6.0.EL4
          oval oval:com.redhat.rhsa:tst:20070001011
        • comment openoffice.org-kde is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070001012
      • AND
        • comment openoffice.org-libs is earlier than 0:1.1.5-6.6.0.EL4
          oval oval:com.redhat.rhsa:tst:20070001013
        • comment openoffice.org-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070001005
rhsa
id RHSA-2007:0001
released 2007-01-03
severity Important
title RHSA-2007:0001: openoffice.org security update (Important)
rpms
  • openoffice.org-0:1.1.2-35.2.0.EL3
  • openoffice.org-i18n-0:1.1.2-35.2.0.EL3
  • openoffice.org-libs-0:1.1.2-35.2.0.EL3
  • openoffice.org-0:1.1.5-6.6.0.EL4
  • openoffice.org-i18n-0:1.1.5-6.6.0.EL4
  • openoffice.org-kde-0:1.1.5-6.6.0.EL4
  • openoffice.org-libs-0:1.1.5-6.6.0.EL4
refmap via4
bugtraq
  • 20070104 Correction (High Risk Vulnerability in the OpenOffice and StarOffice Suites)
  • 20070104 High Risk Vulnerability in the OpenOffice and StarOffice Suites
  • 20070104 Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites
  • 20070108 rPSA-2007-0001-1 openoffice.org
cert-vn VU#220288
confirm
debian DSA-1246
fedora FEDORA-2007-005
gentoo GLSA-200701-07
mandriva MDKSA-2007:006
misc http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite/
osvdb
  • 32610
  • 32611
sectrack 1017466
secunia
  • 23549
  • 23600
  • 23612
  • 23616
  • 23620
  • 23682
  • 23683
  • 23711
  • 23712
  • 23762
  • 23920
sgi 20070101-01-P
sunalert 102735
suse SUSE-SA:2007:001
ubuntu USN-406-1
vulnwatch 20070104 High Risk Vulnerability in the OpenOffice and StarOffice Suites
vupen
  • ADV-2007-0031
  • ADV-2007-0059
xf openoffice-wmf-bo(31257)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 09-09-2011 - 00:00
Published 31-12-2006 - 00:00
Last modified 17-10-2018 - 17:45
Back to Top