ID CVE-2006-6120
Summary Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow.
References
Vulnerable Configurations
  • KDE KOffice 1.6.1
    cpe:2.3:a:kde:koffice:1.6.1
CVSS
Base: 6.8 (as of 05-12-2006 - 17:09)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-222.NASL
    description An integer overflow was discovered in KOffice's filtering code. By tricking a user into opening a specially crafted PPT file, attackers could crash KOffice or possibly execute arbitrary code with the user's privileges. The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 24606
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24606
    title Mandrake Linux Security Advisory : koffice (MDKSA-2006:222)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KOFFICE-2323.NASL
    description This update fixes a security problem in the OLE import handling for PPT files, where attackers with crafted documents could crash kpresenter and potentially execute code. (CVE-2006-6120)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27304
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27304
    title openSUSE 10 Security Update : koffice (koffice-2323)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-388-1.NASL
    description An integer overflow was discovered in KOffice's filtering code. By tricking a user into opening a specially crafted PPT file, attackers could crash KOffice or possibly execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 27971
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27971
    title Ubuntu 5.10 : koffice vulnerability (USN-388-1)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2006-357-04.NASL
    description A new koffice package is available for Slackware 10.2 to fix a security issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 24664
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24664
    title Slackware 10.2 : koffice (SSA:2006-357-04)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0010.NASL
    description Updated KOffice packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. KOffice is a collection of productivity applications for the K Desktop Environment (KDE) GUI desktop. An integer overflow bug was found in KOffice's PPT file processor. An attacker could create a malicious PPT file that could cause KOffice to execute arbitrary code if the file was opened by a victim. (CVE-2006-6120) All users of KOffice are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 24676
    published 2007-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24676
    title RHEL 2.1 : koffice (RHSA-2007:0010)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200612-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-200612-05 (KOffice shared libraries: Heap corruption) Kees Cook of Ubuntu discovered that 'KLaola::readBigBlockDepot()' in klaola.cc fills 'num_of_bbd_blocks' while reading a .ppt (PowerPoint) file without proper sanitizing, resulting in an integer overflow subsequently overwriting the heap with parts of the file being read. Impact : By enticing a user to open a specially crafted PowerPoint file, an attacker could crash the application and possibly execute arbitrary code with the rights of the user running KOffice. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 23857
    published 2006-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23857
    title GLSA-200612-05 : KOffice shared libraries: Heap corruption
redhat via4
advisories
rhsa
id RHSA-2007:0010
refmap via4
bid 21354
bugtraq 20061205 [KOffice security advisory] KOffice OLEfilter integer overflow
confirm
gentoo GLSA-200612-05
mandriva MDKSA-2006:222
misc http://websvn.kde.org/branches/koffice/1.6/koffice/filters/olefilters/lib/klaola.cc?rev=607037&r1=566347&r2=607037
sectrack 1017318
secunia
  • 23143
  • 23162
  • 23220
  • 23409
  • 24218
suse SUSE-SR:2006:029
ubuntu USN-388-1
vupen ADV-2006-4771
xf koffice-readbigblockdepot-overflow(30624)
Last major update 07-03-2011 - 21:45
Published 03-12-2006 - 14:28
Last modified 17-10-2018 - 17:46