CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
95.3%
Multiple buffer overflow vulnerabilities exist in the OpenOffice.org office suite. If successfully exploited, these vulnerabilities may allow an attacker to execute arbitrary code on a vulnerable system.
OpenOffice.org is a free office suite that is available for multiple operating systems.
Windows Metafile (WMF) is a vector graphics format that was designed by Microsoft for Windows 3.0. A newer version of WMF, known as Enhanced Metafile (EMF) was designed for 32-bit operating systems.
OpenOffice.org supports importing and exporting to WMF and EMF files. There are multiple errors within the handling of the EMR_POLYPOLYGON, EMR_POLYPOLYGON16, and META_ESCAPE records that may result in a buffer overflow. An attacker may be able to exploit these vulnerabilities by convincing a user to open a specially crafted WMF or EMF file that triggers the overflow.
Note that Sun StarOffice versions 6, 7, and 8 are also vulnerable.
A remote unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.
Upgrade
OpenOffice.org has issued an update to address these issues in version 2.0.4. The OpenOffice team has reported that this issue does not affect version 2.1. The update is available for all operating systems supported by the OpenOffice.org team.
StarOffice users and administrators should see the Sunsolve support site for more details about available updates…
Do not run OpenOffice or StarOffice with superuser privileges
Running OpenOffice or StarOffice with a non-privileged user account may mitigate the affects of this vulnerability.
220288
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: January 05, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Updated: June 06, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://sunsolve.sun.com/search/document.do?assetkey=1-26-102735-1> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23220288 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to the OpenOffice.org team for information used in this report.
This document was written by Ryan Giobbi.
CVE IDs: | CVE-2006-5870 |
---|---|
Date Public: | 2007-01-04 Date First Published: |
secunia.com/advisories/23549/
secunia.com/advisories/23600/
secunia.com/advisories/23612/
secunia.com/advisories/23616/
secunia.com/advisories/23620/
secunia.com/advisories/23682/
secunia.com/advisories/23683/
secunia.com/advisories/23712/
secunia.com/advisories/23920/
www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-openoffice-suite/
www.openoffice.org/issues/show_bug.cgi?id=70042
www.securityfocus.com/bid/21861