Published: 31/12/2006 Updated: 17/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Subscribe to Sun

Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and previous versions, and possibly other versions prior to 2.1.0; and StarOffice 6 through 8; allow user-assisted remote malicious users to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sun staroffice 7.0
sun staroffice 8.0
sun staroffice 6.0
openoffice openoffice

An integer overflow was discovered in OpenOfficeorg’s handling of WMF files If a user were tricked into opening a specially crafted WMF file, an attacker could execute arbitrary code with user privileges ...

John Heasman from Next Generation Security Software discovered a heap overflow in the handling of Windows Metafiles in OpenOfficeorg, the free office suite, which could lead to a denial of service and potentially execution of arbitrary code For the stable distribution (sarge) this problem has been fixed in version 113-9sarge4 For the unstable ...

CWE-189 http://www.openoffice.org/issues/show_bug.cgi?id=70042 http://www.redhat.com/support/errata/RHSA-2007-0001.html http://www.securityfocus.com/archive/1/455947/100/0/threaded http://www.securityfocus.com/archive/1/455954/100/0/threaded http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.htmly http://www.openoffice.org/nonav/issues/showattachment.cgi/39509/alloc.overflows.wmf.patch http://fedoranews.org/cms/node/2344 http://lists.suse.com/archive/suse-security-announce/2007-Jan/0001.html http://securitytracker.com/id?1017466 http://secunia.com/advisories/23612 http://secunia.com/advisories/23616 http://secunia.com/advisories/23549 http://secunia.com/advisories/23620 https://issues.rpath.com/browse/RPL-905 http://www.debian.org/security/2007/dsa-1246 http://secunia.com/advisories/23682 http://secunia.com/advisories/23683 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102735-1 http://www.mandriva.com/security/advisories?name=MDKSA-2007:006 http://secunia.com/advisories/23712 http://secunia.com/advisories/23711 http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite/http://security.gentoo.org/glsa/glsa-200701-07.xml http://www.ubuntu.com/usn/usn-406-1 http://secunia.com/advisories/23762 http://secunia.com/advisories/23600 ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc http://www.kb.cert.org/vuls/id/220288 http://secunia.com/advisories/23920 http://osvdb.org/32610 http://osvdb.org/32611 http://www.vupen.com/english/advisories/2007/0059 http://www.vupen.com/english/advisories/2007/0031 https://exchange.xforce.ibmcloud.com/vulnerabilities/31257 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9145 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8280 http://www.securityfocus.com/archive/1/456271/100/100/threaded http://www.securityfocus.com/archive/1/455964/100/0/threaded http://www.securityfocus.com/archive/1/455943/100/0/threaded https://usn.ubuntu.com/406-1/https://nvd.nist.gov https://www.kb.cert.org/vuls/id/220288

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook