National Vulnerability Database (NVD) National Vulnerability Database (CVE-2006-5870)

National Cyber Awareness System

Vulnerability Summary for CVE-2006-5870

Original release date:12/31/2006

Last revised:09/09/2011

Source: US-CERT/NIST

Overview

Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type:Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

Vendor Statements (disclaimer)

Official Statement from Red Hat (03/14/2007)

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#220288

Name: VU#220288

Hyperlink:http://www.kb.cert.org/vuls/id/220288

External Source: REDHAT

Name: RHSA-2007:0001

Type: Advisory; Patch Information

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0001.html

External Source: CONFIRM

Name: http://www.openoffice.org/issues/show_bug.cgi?id=70042

Type: Patch Information

Hyperlink:http://www.openoffice.org/issues/show_bug.cgi?id=70042

External Source: CONFIRM

Name: https://issues.rpath.com/browse/RPL-905

Hyperlink:https://issues.rpath.com/browse/RPL-905

External Source: XF

Name: openoffice-wmf-bo(31257)

Hyperlink:http://xforce.iss.net/xforce/xfdb/31257

External Source: VUPEN

Name: ADV-2007-0059

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2007/0059

External Source: VUPEN

Name: ADV-2007-0031

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2007/0031

External Source: UBUNTU

Name: USN-406-1

Hyperlink:http://www.ubuntu.com/usn/usn-406-1

External Source: BUGTRAQ

Name: 20070108 rPSA-2007-0001-1 openoffice.org

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/456271/100/100/threaded

External Source: BUGTRAQ

Name: 20070104 High Risk Vulnerability in the OpenOffice and StarOffice Suites

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/455964/100/0/threaded

External Source: BUGTRAQ

Name: 20070104 Correction (High Risk Vulnerability in the OpenOffice and StarOffice Suites)

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/455943/100/0/threaded

External Source: BUGTRAQ

Name: 20070104 Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites

Hyperlink:http://www.securityfocus.com/archive/1/455954/100/0/threaded

External Source: BUGTRAQ

Name: 20070104 Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites

Hyperlink:http://www.securityfocus.com/archive/1/455947/100/0/threaded

External Source: CONFIRM

Name: http://www.openoffice.org/nonav/issues/showattachment.cgi/39509/alloc.overflows.wmf.patch

Hyperlink:http://www.openoffice.org/nonav/issues/showattachment.cgi/39509/alloc.overflows.wmf.patch

External Source: MISC

Name: http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite/

Hyperlink:http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite/

External Source: MANDRIVA

Name: MDKSA-2007:006

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:006

External Source: DEBIAN

Name: DSA-1246

Hyperlink:http://www.debian.org/security/2007/dsa-1246

External Source: SUNALERT

Name: 102735

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102735-1

External Source: SECTRACK

Name: 1017466

Hyperlink:http://securitytracker.com/id?1017466

External Source: GENTOO

Name: GLSA-200701-07

Hyperlink:http://security.gentoo.org/glsa/glsa-200701-07.xml

External Source: SECUNIA

Name: 23920

Type: Advisory

Hyperlink:http://secunia.com/advisories/23920

External Source: SECUNIA

Name: 23762

Type: Advisory

Hyperlink:http://secunia.com/advisories/23762

External Source: SECUNIA

Name: 23712

Type: Advisory

Hyperlink:http://secunia.com/advisories/23712

External Source: SECUNIA

Name: 23711

Type: Advisory

Hyperlink:http://secunia.com/advisories/23711

External Source: SECUNIA

Name: 23683

Type: Advisory

Hyperlink:http://secunia.com/advisories/23683

External Source: SECUNIA

Name: 23682

Type: Advisory

Hyperlink:http://secunia.com/advisories/23682

External Source: SECUNIA

Name: 23620

Type: Advisory

Hyperlink:http://secunia.com/advisories/23620

External Source: SECUNIA

Name: 23616

Type: Advisory

Hyperlink:http://secunia.com/advisories/23616

External Source: SECUNIA

Name: 23612

Type: Advisory

Hyperlink:http://secunia.com/advisories/23612

External Source: SECUNIA

Name: 23600

Type: Advisory

Hyperlink:http://secunia.com/advisories/23600

External Source: SECUNIA

Name: 23549

Type: Advisory

Hyperlink:http://secunia.com/advisories/23549

External Source: OVAL

Name: oval:org.mitre.oval:def:9145

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9145

External Source: OSVDB

Name: 32611

Hyperlink:http://osvdb.org/32611

External Source: OSVDB

Name: 32610

Hyperlink:http://osvdb.org/32610

External Source: SUSE

Name: SUSE-SA:2007:001

Hyperlink:http://lists.suse.com/archive/suse-security-announce/2007-Jan/0001.html

External Source: FEDORA

Name: FEDORA-2007-005

Hyperlink:http://fedoranews.org/cms/node/2344

External Source: VULNWATCH

Name: 20070104 High Risk Vulnerability in the OpenOffice and StarOffice Suites

Hyperlink:http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.htmly

External Source: SGI

Name: 20070101-01-P

Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc

US Government Resource: oval:org.mitre.oval:def:8280

Name: oval:org.mitre.oval:def:8280

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8280

References to Check Content

Identifier:oval:org.mitre.oval:def:8280

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:8280

Identifier:oval:org.mitre.oval:def:9145

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9145

Vulnerable software and versions

Configuration 1

* cpe:/a:sun:staroffice:6.0

* cpe:/a:sun:staroffice:7.0

* cpe:/a:sun:staroffice:8.0

* cpe:/a:openoffice:openoffice:2.0.4 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Numeric Errors (CWE-189)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5870