what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2006-3117

Status Candidate

Overview

Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability."

Related Files

Ubuntu Security Notice 313-1
Posted Jul 13, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 313-1 - Multiple vulnerabilities have surfaced in Open Office.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2006-2198, CVE-2006-2199, CVE-2006-3117
SHA-256 | 183cd37f23e6784429f845c08d6fbb813c48b81039ff86f887a33806e1a21660
Mandriva Linux Security Advisory 2006.118
Posted Jul 9, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-118 - OpenOffice.org versions 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. An unspecified vulnerability in Java Applets in OpenOffice.org versions 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents. Heap-based buffer overflow in OpenOffice.org versions 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability."

tags | advisory, java, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2006-2198, CVE-2006-2199, CVE-2006-3117
SHA-256 | 5a8c64eba7a3889e3f7530ca9a0952ea5c82032ff3c72dc7da55a76a5bf3ff7f
Debian Linux Security Advisory 1104-2
Posted Jul 9, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1104-2 - Loading malformed XML documents can cause buffer overflows in OpenOffice.org, a free office suite, and cause a denial of service or execute arbitrary code. It turned out that the correction in DSA 1104-1 was not sufficient, hence, another update.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2006-3117
SHA-256 | c6319298893756fd6f1bb68402e39757063adf93ebad24721623a55f94b1d361
SUSE-SA-2006-040.txt
Posted Jul 9, 2006
Site suse.com

SUSE Security Announcement SUSE-SA:2006:040 - Multiple vulnerabilities have been discovered in OpenOffice. A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon loading of the document. A security vulnerability related to OpenOffice.org documents may allow certain Java applets to break through the "sandbox" and therefore have full access to system resources with current user privileges. A buffer overflow in the XML UTF8 converter allows for a value to be written to an arbitrary location in memory. This may lead to command execution in the context of the current user.

tags | advisory, java, overflow, arbitrary, vulnerability
systems | linux, suse
advisories | CVE-2006-2198, CVE-2006-2199, CVE-2006-3117
SHA-256 | 8a8e3987a76df5a732e8cbca045edc16f6f66c6df5a7fa7b42994363e9012e4d
Debian Linux Security Advisory 1104-1
Posted Jul 2, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1104-1 - Several vulnerabilities have been discovered in OpenOffice.org, a free office suite. It turned out to be possible to embed arbitrary BASIC macros in documents in a way that OpenOffice.org does not see them but executes them anyway without any user interaction. It is possible to evade the Java sandbox with specially crafted Java applets. Loading malformed XML documents can cause buffer overflows and cause a denial of service or execute arbitrary code.

tags | advisory, java, denial of service, overflow, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2006-2198, CVE-2006-2199, CVE-2006-3117
SHA-256 | deaefe6a689b0fc91e62a203448262cff8dbb4cb8432ae2e8ca49302d8c8b26f
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close