CVE-2006-6120

koffice: update to 1.6.1

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow.

Desbordamiento de enteros en filtro de importanción KPresenter para archivos Microsoft PowerPoint(filters/olefilters/lib/klaola.cc)en KOffice anterior a 1.6.1 permite a atacantes con la intervención del usuarios ejecutar código de su elección a través de un PPT manipulado, lo cual deriva en un desbordamiento de búfer basado en pila.

*Credits: N/A

CVSS Scores

NISTv2 6.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-11-26 CVE Reserved
2006-12-03 CVE Published
2024-06-14 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (20)

URL	Tag	Source
http://secunia.com/advisories/23220	Third Party Advisory
http://secunia.com/advisories/23409	Third Party Advisory
http://secunia.com/advisories/24218	Third Party Advisory
http://securitytracker.com/id?1017318	Vdb Entry
http://www.kde.org/info/security/advisory-20061204-1.txt	X_refsource_confirm
http://www.securityfocus.com/archive/1/453550/100/0/threaded	Mailing List
http://www.vupen.com/english/advisories/2006/4771	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/30624	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://websvn.kde.org/branches/koffice/1.6/koffice/filters/olefilters/lib/klaola.cc?rev=607037&r1=566347&r2=607037	2018-10-17
http://www.koffice.org/announcements/changelog-1.6.1.php	2018-10-17
http://www.securityfocus.com/bid/21354	2018-10-17
http://www.ubuntu.com/usn/usn-388-1	2018-10-17

URL	Date	SRC
http://secunia.com/advisories/23143	2018-10-17
http://secunia.com/advisories/23162	2018-10-17
http://security.gentoo.org/glsa/glsa-200612-05.xml	2018-10-17
http://www.mandriva.com/security/advisories?name=MDKSA-2006:222	2018-10-17
http://www.novell.com/linux/security/advisories/2006_29_sr.html	2018-10-17
http://www.redhat.com/support/errata/RHSA-2007-0010.html	2018-10-17
https://access.redhat.com/security/cve/CVE-2006-6120	2007-02-20
https://bugzilla.redhat.com/show_bug.cgi?id=218030	2007-02-20

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Kde Search vendor "Kde"		Koffice Search vendor "Kde" for product "Koffice"				1.6.1 Search vendor "Kde" for product "Koffice" and version "1.6.1"		-		Affected