ID CVE-2006-5870
Summary Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.
References
Vulnerable Configurations
  • cpe:2.3:a:openoffice:openoffice:*:*:*:*:*:*:*:*
    cpe:2.3:a:openoffice:openoffice:*:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:staroffice:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:staroffice:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:staroffice:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:staroffice:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:staroffice:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:staroffice:8.0:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 17-10-2018 - 21:45)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2014-06-09T04:01:48.851-04:00
    class vulnerability
    contributors
    • name Thomas R. Jones
      organization Maitreya Security
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jerome Athias
      organization McAfee, Inc.
    definition_extensions
    • comment Novell Linux Desktop 9 is installed
      oval oval:org.mitre.oval:def:2090
    • comment SUSE Linux Desktop 1.0 is installed
      oval oval:org.mitre.oval:def:1366
    • comment SUSE Linux 10.1 is installed
      oval oval:org.mitre.oval:def:2157
    • comment Package OpenOffice_org is installed
      oval oval:org.mitre.oval:def:8865
    • comment Package OpenOffice_org-gnome is installed
      oval oval:org.mitre.oval:def:8914
    • comment Package OpenOffice_org-kde is installed
      oval oval:org.mitre.oval:def:9199
    • comment Package OpenOffice_org-mono is installed
      oval oval:org.mitre.oval:def:8222
    • comment Package OpenOffice_org-officebean is installed
      oval oval:org.mitre.oval:def:8541
    • comment SUSE Linux 10.0 is installed
      oval oval:org.mitre.oval:def:2027
    • comment Package OpenOffice_org is installed
      oval oval:org.mitre.oval:def:8865
    • comment Package OpenOffice_org-af is installed
      oval oval:org.mitre.oval:def:8974
    • comment Package OpenOffice_org-ar is installed
      oval oval:org.mitre.oval:def:8663
    • comment Package OpenOffice_org-be-BY is installed
      oval oval:org.mitre.oval:def:8432
    • comment Package OpenOffice_org-bg is installed
      oval oval:org.mitre.oval:def:8403
    • comment Package OpenOffice_org-ca is installed
      oval oval:org.mitre.oval:def:8887
    • comment Package OpenOffice_org-cs is installed
      oval oval:org.mitre.oval:def:8733
    • comment Package OpenOffice_org-cy is installed
      oval oval:org.mitre.oval:def:8329
    • comment Package OpenOffice_org-da is installed
      oval oval:org.mitre.oval:def:8998
    • comment Package OpenOffice_org-de is installed
      oval oval:org.mitre.oval:def:8688
    • comment Package OpenOffice_org-el is installed
      oval oval:org.mitre.oval:def:8801
    • comment Package OpenOffice_org-en-GB is installed
      oval oval:org.mitre.oval:def:8829
    • comment Package OpenOffice_org-es is installed
      oval oval:org.mitre.oval:def:8583
    • comment Package OpenOffice_org-et is installed
      oval oval:org.mitre.oval:def:8678
    • comment Package OpenOffice_org-fi is installed
      oval oval:org.mitre.oval:def:8451
    • comment Package OpenOffice_org-fr is installed
      oval oval:org.mitre.oval:def:8215
    • comment Package OpenOffice_org-galleries is installed
      oval oval:org.mitre.oval:def:8997
    • comment Package OpenOffice_org-gnome is installed
      oval oval:org.mitre.oval:def:8914
    • comment Package OpenOffice_org-gu-IN is installed
      oval oval:org.mitre.oval:def:8341
    • comment Package OpenOffice_org-hr is installed
      oval oval:org.mitre.oval:def:8715
    • comment Package OpenOffice_org-hu is installed
      oval oval:org.mitre.oval:def:8228
    • comment Package OpenOffice_org-hunspell is installed
      oval oval:org.mitre.oval:def:8892
    • comment Package OpenOffice_org-it is installed
      oval oval:org.mitre.oval:def:9104
    • comment Package OpenOffice_org-ja is installed
      oval oval:org.mitre.oval:def:8987
    • comment Package OpenOffice_org-kde is installed
      oval oval:org.mitre.oval:def:9199
    • comment Package OpenOffice_org-ko is installed
      oval oval:org.mitre.oval:def:8352
    • comment Package OpenOffice_org-mono is installed
      oval oval:org.mitre.oval:def:8222
    • comment Package OpenOffice_org-nb is installed
      oval oval:org.mitre.oval:def:8804
    • comment Package OpenOffice_org-nl is installed
      oval oval:org.mitre.oval:def:8611
    • comment Package OpenOffice_org-nn is installed
      oval oval:org.mitre.oval:def:8501
    • comment Package OpenOffice_org-officebean is installed
      oval oval:org.mitre.oval:def:8541
    • comment Package OpenOffice_org-pa-IN is installed
      oval oval:org.mitre.oval:def:8882
    • comment Package OpenOffice_org-pl is installed
      oval oval:org.mitre.oval:def:8799
    • comment Package OpenOffice_org-pt is installed
      oval oval:org.mitre.oval:def:8664
    • comment Package OpenOffice_org-pt-BR is installed
      oval oval:org.mitre.oval:def:8886
    • comment Package OpenOffice_org-ru is installed
      oval oval:org.mitre.oval:def:8389
    • comment Package OpenOffice_org-sk is installed
      oval oval:org.mitre.oval:def:8244
    • comment Package OpenOffice_org-sl is installed
      oval oval:org.mitre.oval:def:9181
    • comment Package OpenOffice_org-sv is installed
      oval oval:org.mitre.oval:def:8860
    • comment Package OpenOffice_org-tr is installed
      oval oval:org.mitre.oval:def:8707
    • comment Package OpenOffice_org-vi is installed
      oval oval:org.mitre.oval:def:8288
    • comment Package OpenOffice_org-xh is installed
      oval oval:org.mitre.oval:def:8477
    • comment Package OpenOffice_org-zh-CN is installed
      oval oval:org.mitre.oval:def:8995
    • comment Package OpenOffice_org-zh-TW is installed
      oval oval:org.mitre.oval:def:9146
    • comment Package OpenOffice_org-zu is installed
      oval oval:org.mitre.oval:def:8269
    • comment SUSE Linux Professional 9.3 is installed
      oval oval:org.mitre.oval:def:2044
    • comment Package OpenOffice_org1 is installed
      oval oval:org.mitre.oval:def:8264
    • comment Package OpenOffice_org1-ar is installed
      oval oval:org.mitre.oval:def:8777
    • comment Package OpenOffice_org1-ca is installed
      oval oval:org.mitre.oval:def:8915
    • comment Package OpenOffice_org1-cs is installed
      oval oval:org.mitre.oval:def:8357
    • comment Package OpenOffice_org1-da is installed
      oval oval:org.mitre.oval:def:8308
    • comment Package OpenOffice_org1-de is installed
      oval oval:org.mitre.oval:def:8533
    • comment Package OpenOffice_org1-el is installed
      oval oval:org.mitre.oval:def:8652
    • comment Package OpenOffice_org1-en is installed
      oval oval:org.mitre.oval:def:8958
    • comment Package OpenOffice_org1-es is installed
      oval oval:org.mitre.oval:def:8705
    • comment Package OpenOffice_org1-et is installed
      oval oval:org.mitre.oval:def:8681
    • comment Package OpenOffice_org1-fi is installed
      oval oval:org.mitre.oval:def:8815
    • comment Package OpenOffice_org1-fr is installed
      oval oval:org.mitre.oval:def:8672
    • comment Package OpenOffice_org1-gnome is installed
      oval oval:org.mitre.oval:def:8342
    • comment Package OpenOffice_org1-hu is installed
      oval oval:org.mitre.oval:def:8380
    • comment Package OpenOffice_org1-it is installed
      oval oval:org.mitre.oval:def:8691
    • comment Package OpenOffice_org1-ja is installed
      oval oval:org.mitre.oval:def:9174
    • comment Package OpenOffice_org1-kde is installed
      oval oval:org.mitre.oval:def:8774
    • comment Package OpenOffice_org1-ko is installed
      oval oval:org.mitre.oval:def:9070
    • comment Package OpenOffice_org1-nl is installed
      oval oval:org.mitre.oval:def:9192
    • comment Package OpenOffice_org1-pl is installed
      oval oval:org.mitre.oval:def:8502
    • comment Package OpenOffice_org1-pt is installed
      oval oval:org.mitre.oval:def:8906
    • comment Package OpenOffice_org1-ru is installed
      oval oval:org.mitre.oval:def:9169
    • comment Package OpenOffice_org1-sk is installed
      oval oval:org.mitre.oval:def:8903
    • comment Package OpenOffice_org1-sl is installed
      oval oval:org.mitre.oval:def:8773
    • comment Package OpenOffice_org1-sv is installed
      oval oval:org.mitre.oval:def:9168
    • comment Package OpenOffice_org1-tr is installed
      oval oval:org.mitre.oval:def:8310
    • comment Package OpenOffice_org1-zh-CN is installed
      oval oval:org.mitre.oval:def:8604
    • comment Package OpenOffice_org1-zh-TW is installed
      oval oval:org.mitre.oval:def:8999
    • comment SUSE Linux Enterprise Desktop 10 is installed
      oval oval:org.mitre.oval:def:2106
    description Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.
    family unix
    id oval:org.mitre.oval:def:8280
    status accepted
    submitted 2007-07-22T11:38:47
    title OpenOffice_org WMF buffer overflows
    version 35
  • accepted 2013-04-29T04:18:19.805-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.
    family unix
    id oval:org.mitre.oval:def:9145
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.
    version 23
redhat via4
advisories
bugzilla
id 217347
title CVE-2006-5870 WMF heap overflow
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhba:tst:20070026001
    • OR
      • AND
        • comment openoffice.org is earlier than 0:1.1.2-35.2.0.EL3
          oval oval:com.redhat.rhsa:tst:20070001002
        • comment openoffice.org is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070001003
      • AND
        • comment openoffice.org-i18n is earlier than 0:1.1.2-35.2.0.EL3
          oval oval:com.redhat.rhsa:tst:20070001006
        • comment openoffice.org-i18n is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070001007
      • AND
        • comment openoffice.org-libs is earlier than 0:1.1.2-35.2.0.EL3
          oval oval:com.redhat.rhsa:tst:20070001004
        • comment openoffice.org-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070001005
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment openoffice.org is earlier than 0:1.1.5-6.6.0.EL4
          oval oval:com.redhat.rhsa:tst:20070001009
        • comment openoffice.org is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070001003
      • AND
        • comment openoffice.org-i18n is earlier than 0:1.1.5-6.6.0.EL4
          oval oval:com.redhat.rhsa:tst:20070001010
        • comment openoffice.org-i18n is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070001007
      • AND
        • comment openoffice.org-kde is earlier than 0:1.1.5-6.6.0.EL4
          oval oval:com.redhat.rhsa:tst:20070001011
        • comment openoffice.org-kde is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070001012
      • AND
        • comment openoffice.org-libs is earlier than 0:1.1.5-6.6.0.EL4
          oval oval:com.redhat.rhsa:tst:20070001013
        • comment openoffice.org-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070001005
rhsa
id RHSA-2007:0001
released 2007-01-03
severity Important
title RHSA-2007:0001: openoffice.org security update (Important)
rpms
  • openoffice.org-0:1.1.2-35.2.0.EL3
  • openoffice.org-i18n-0:1.1.2-35.2.0.EL3
  • openoffice.org-libs-0:1.1.2-35.2.0.EL3
  • openoffice.org-0:1.1.5-6.6.0.EL4
  • openoffice.org-i18n-0:1.1.5-6.6.0.EL4
  • openoffice.org-kde-0:1.1.5-6.6.0.EL4
  • openoffice.org-libs-0:1.1.5-6.6.0.EL4
refmap via4
bugtraq
  • 20070104 Correction (High Risk Vulnerability in the OpenOffice and StarOffice Suites)
  • 20070104 High Risk Vulnerability in the OpenOffice and StarOffice Suites
  • 20070104 Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites
  • 20070108 rPSA-2007-0001-1 openoffice.org
cert-vn VU#220288
confirm
debian DSA-1246
fedora FEDORA-2007-005
gentoo GLSA-200701-07
mandriva MDKSA-2007:006
misc http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite/
osvdb
  • 32610
  • 32611
sectrack 1017466
secunia
  • 23549
  • 23600
  • 23612
  • 23616
  • 23620
  • 23682
  • 23683
  • 23711
  • 23712
  • 23762
  • 23920
sgi 20070101-01-P
sunalert 102735
suse SUSE-SA:2007:001
ubuntu USN-406-1
vulnwatch 20070104 High Risk Vulnerability in the OpenOffice and StarOffice Suites
vupen
  • ADV-2007-0031
  • ADV-2007-0059
xf openoffice-wmf-bo(31257)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 17-10-2018 - 21:45
Published 31-12-2006 - 05:00
Back to Top