7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
Loading malformed XML documents can cause buffer overflows in
OpenOffice.org, a free office suite, and cause a denial of service or
execute arbitrary code. Â It turned out that the correction in DSA
1104-1 was not sufficient, hence, another update. For completeness
please find the original advisory text below:
>
> Several vulnerabilities have been discovered in OpenOffice.org, a free
> office suite. The Common Vulnerabilities and Exposures Project
> identifies the following problems:
>
>
> * CVE-2006-2198
> It turned out to be possible to embed arbitrary BASIC macros in
> documents in a way that OpenOffice.org does not see them but
> executes them anyway without any user interaction.
> * CVE-2006-2199
> It is possible to evade the Java sandbox with specially crafted
> Java applets.
> * CVE-2006-3117
> Loading malformed XML documents can cause buffer overflows and
> cause a denial of service or execute arbitrary code.
>
>
> This update has the Mozilla component disabled, so that the
> Mozilla/LDAP addressbook feature won’t work anymore. It didn’t work on
> anything else than i386 on sarge either.
>
>
>
The old stable distribution (woody) does not contain OpenOffice.org
packages.
For the stable distribution (sarge) this problem has been fixed in
version 1.1.3-9sarge3.
For the unstable distribution (sid) this problem has been fixed in
version 2.0.3-1.
We recommend that you upgrade your OpenOffice.org packages.
CPE | Name | Operator | Version |
---|---|---|---|
openoffice.org | eq | 1.1.3-9sarge1 | |
openoffice.org | eq | 1.1.3-9 | |
openoffice.org | eq | 1.1.3-9sarge2 |