CVE-2006-2199

Related Files

Ubuntu Security Notice 313-1

Posted Jul 13, 2006

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 313-1 - Multiple vulnerabilities have surfaced in Open Office.

tags | advisory, vulnerability

systems | linux, ubuntu

advisories | CVE-2006-2198, CVE-2006-2199, CVE-2006-3117

SHA-256 | 183cd37f23e6784429f845c08d6fbb813c48b81039ff86f887a33806e1a21660

Download | Favorite | View

Mandriva Linux Security Advisory 2006.118

Posted Jul 9, 2006

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-118 - OpenOffice.org versions 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. An unspecified vulnerability in Java Applets in OpenOffice.org versions 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents. Heap-based buffer overflow in OpenOffice.org versions 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability."

tags | advisory, java, overflow, arbitrary

systems | linux, mandriva

advisories | CVE-2006-2198, CVE-2006-2199, CVE-2006-3117

SHA-256 | 5a8c64eba7a3889e3f7530ca9a0952ea5c82032ff3c72dc7da55a76a5bf3ff7f

Download | Favorite | View

SUSE-SA-2006-040.txt

Posted Jul 9, 2006

Site suse.com

SUSE Security Announcement SUSE-SA:2006:040 - Multiple vulnerabilities have been discovered in OpenOffice. A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon loading of the document. A security vulnerability related to OpenOffice.org documents may allow certain Java applets to break through the "sandbox" and therefore have full access to system resources with current user privileges. A buffer overflow in the XML UTF8 converter allows for a value to be written to an arbitrary location in memory. This may lead to command execution in the context of the current user.

tags | advisory, java, overflow, arbitrary, vulnerability

systems | linux, suse

advisories | CVE-2006-2198, CVE-2006-2199, CVE-2006-3117

SHA-256 | 8a8e3987a76df5a732e8cbca045edc16f6f66c6df5a7fa7b42994363e9012e4d

Download | Favorite | View

Debian Linux Security Advisory 1104-1

Posted Jul 2, 2006

Authored by Debian | Site debian.org

Debian Security Advisory 1104-1 - Several vulnerabilities have been discovered in OpenOffice.org, a free office suite. It turned out to be possible to embed arbitrary BASIC macros in documents in a way that OpenOffice.org does not see them but executes them anyway without any user interaction. It is possible to evade the Java sandbox with specially crafted Java applets. Loading malformed XML documents can cause buffer overflows and cause a denial of service or execute arbitrary code.

tags | advisory, java, denial of service, overflow, arbitrary, vulnerability

systems | linux, debian

advisories | CVE-2006-2198, CVE-2006-2199, CVE-2006-3117

SHA-256 | deaefe6a689b0fc91e62a203448262cff8dbb4cb8432ae2e8ca49302d8c8b26f

Download | Favorite | View