ID CVE-2006-2199
Summary Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents.
References
Vulnerable Configurations
  • cpe:2.3:a:openoffice:openoffice:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:openoffice:openoffice:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openoffice:openoffice:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:openoffice:openoffice:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openoffice:openoffice:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:openoffice:openoffice:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openoffice:openoffice:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:openoffice:openoffice:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openoffice:openoffice:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:openoffice:openoffice:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openoffice:openoffice:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:openoffice:openoffice:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openoffice:openoffice:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:openoffice:openoffice:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openoffice:openoffice:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:openoffice:openoffice:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openoffice:openoffice:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:openoffice:openoffice:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:staroffice:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:staroffice:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:staroffice:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:staroffice:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:staroffice:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:staroffice:8.0:*:*:*:*:*:*:*
CVSS
Base: 7.6 (as of 18-10-2018 - 16:38)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:H/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:13:21.438-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents.
family unix
id oval:org.mitre.oval:def:11338
status accepted
submitted 2010-07-09T03:56:16-04:00
title Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents.
version 24
redhat via4
advisories
rhsa
id RHSA-2006:0573
refmap via4
bid 18737
bugtraq 20060926 rPSA-2006-0173-1 openoffice.org
cert-vn VU#243681
confirm
debian DSA-1104
fedora FEDORA-2007-005
gentoo GLSA-200607-12
mandriva MDKSA-2006:118
sectrack 1016414
secunia
  • 20867
  • 20893
  • 20910
  • 20911
  • 20913
  • 20975
  • 20995
  • 21278
  • 23620
sunalert 102475
suse SUSE-SA:2006:040
ubuntu
  • USN-313-1
  • USN-313-2
vupen
  • ADV-2006-2607
  • ADV-2006-2621
xf openoffice-applet-sandbox-bypass(27569)
Last major update 18-10-2018 - 16:38
Published 30-06-2006 - 18:05
Back to Top