ID CVE-2006-6628
Summary Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted DOC file, as demonstrated by the 12122006-djtest.doc file, a variant of CVE-2006-6561 in a separate codebase.
References
Vulnerable Configurations
  • cpe:2.3:a:openoffice:openoffice:2.1
    cpe:2.3:a:openoffice:openoffice:2.1
CVSS
Base: 4.3 (as of 18-12-2006 - 16:30)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
description Microsoft Word Document (malformed pointer) Proof of Concept. CVE-2006-6561,CVE-2006-6628. Dos exploit for windows platform
file exploits/windows/dos/2922.txt
id EDB-ID:2922
last seen 2016-01-31
modified 2006-12-12
platform windows
port
published 2006-12-12
reporter DiscoJonny
source https://www.exploit-db.com/download/2922/
title Microsoft Word Document - malformed pointer Proof of Concept
type dos
refmap via4
bid 21618
bugtraq
  • 20061215 Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!
  • 20061215 Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!
  • 20061217 Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!
  • 20061218 Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!
exploit-db 2922
misc http://www.milw0rm.com/sploits/12122006-djtest.doc
sreason 2043
vupen ADV-2006-5051
statements via4
contributor Joshua Bressers
lastmodified 2007-01-15
organization Red Hat
statement Red Hat does not consider this flaw a security issue. This flaw will only crash OpenOffice.org and presents no possibility for arbitrary code execution.
Last major update 07-03-2011 - 21:46
Published 18-12-2006 - 06:28
Last modified 17-10-2018 - 17:49
Back to Top