// For flags

CVE-2006-5870

Ubuntu Security Notice 406-1

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.

Múltiples desbordamientos de enteros en OpenOffice.org (OOo) 2.0.4 y anteriores, y posiblemente otras versiones anteriores a 2.1.0;y StarOffice 6 hasta 8; permiten a un atacante remoto con la intervención del usuario ejecutar código de su elección mediante (1) ficheros WMF o (b) EMF manipulados que disparan un desbordamiento de búfer basado en montículo en (1) wmf/winwmf.cxx, durante el procesamiento de registros META_ESCAPE; y wmf/enhwmf.cxx durante el procesamiento de (2) registros EMR_POLYPOLYGON y (3) EMR_POLYPOLYGON16.

John Heasman from Next Generation Security Software discovered a heap overflow in the handling of Windows Metafiles in OpenOffice.org, the free office suite, which could lead to a denial of service and potentially execution of arbitrary code.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-11-14 CVE Reserved
  • 2006-12-31 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-07-01 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-189: Numeric Errors
CAPEC
References (41)
URL Tag Source
http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.htmly Mailing List
http://osvdb.org/32610 Vdb Entry
http://osvdb.org/32611 Vdb Entry
http://securitytracker.com/id?1017466 Vdb Entry
http://www.kb.cert.org/vuls/id/220288 Third Party Advisory
http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite X_refsource_misc
http://www.openoffice.org/nonav/issues/showattachment.cgi/39509/alloc.overflows.wmf.patch X_refsource_confirm
http://www.securityfocus.com/archive/1/455943/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/455947/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/455954/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/455964/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/456271/100/100/threaded Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/31257 Vdb Entry
https://issues.rpath.com/browse/RPL-905 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8280 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9145 Signature
URL Date SRC
URL Date SRC
http://www.openoffice.org/issues/show_bug.cgi?id=70042 2018-10-17
http://www.redhat.com/support/errata/RHSA-2007-0001.html 2018-10-17
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc 2018-10-17
http://fedoranews.org/cms/node/2344 2018-10-17
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0001.html 2018-10-17
http://secunia.com/advisories/23549 2018-10-17
http://secunia.com/advisories/23600 2018-10-17
http://secunia.com/advisories/23612 2018-10-17
http://secunia.com/advisories/23616 2018-10-17
http://secunia.com/advisories/23620 2018-10-17
http://secunia.com/advisories/23682 2018-10-17
http://secunia.com/advisories/23683 2018-10-17
http://secunia.com/advisories/23711 2018-10-17
http://secunia.com/advisories/23712 2018-10-17
http://secunia.com/advisories/23762 2018-10-17
http://secunia.com/advisories/23920 2018-10-17
http://security.gentoo.org/glsa/glsa-200701-07.xml 2018-10-17
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102735-1 2018-10-17
http://www.debian.org/security/2007/dsa-1246 2018-10-17
http://www.mandriva.com/security/advisories?name=MDKSA-2007:006 2018-10-17
http://www.ubuntu.com/usn/usn-406-1 2018-10-17
http://www.vupen.com/english/advisories/2007/0031 2018-10-17
http://www.vupen.com/english/advisories/2007/0059 2018-10-17
https://access.redhat.com/security/cve/CVE-2006-5870 2007-01-03
https://bugzilla.redhat.com/show_bug.cgi?id=1618229 2007-01-03
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openoffice
Search vendor "Openoffice"
 Openoffice
Search vendor "Openoffice" for product "Openoffice"
 <= 2.0.4
Search vendor "Openoffice" for product "Openoffice" and version " <= 2.0.4"
-
Affected
Sun
Search vendor "Sun"
 Staroffice
Search vendor "Sun" for product "Staroffice"
 6.0
Search vendor "Sun" for product "Staroffice" and version "6.0"
-
Affected
Sun
Search vendor "Sun"
 Staroffice
Search vendor "Sun" for product "Staroffice"
 7.0
Search vendor "Sun" for product "Staroffice" and version "7.0"
-
Affected
Sun
Search vendor "Sun"
 Staroffice
Search vendor "Sun" for product "Staroffice"
 8.0
Search vendor "Sun" for product "Staroffice" and version "8.0"
-
Affected