CVE-2006-5870 : Detail

CVE-2006-5870

70.72%V3
Network
2007-01-04
10h00 +00:00
2018-10-17
18h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-189 Category : Numeric Errors
Weaknesses in this category are related to improper calculation or conversion of numbers.

Metrics

Metrics Score Severity CVSS Vector Source
V2 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Products Mentioned

Configuraton 0

Openoffice>>Openoffice >> Version To (including) 2.0.4

    Sun>>Staroffice >> Version 6.0

    Sun>>Staroffice >> Version 7.0

    Sun>>Staroffice >> Version 8.0

    References

    http://secunia.com/advisories/23683
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/23682
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://osvdb.org/32611
    Tags : vdb-entry, x_refsource_OSVDB
    http://secunia.com/advisories/23920
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/23600
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.ubuntu.com/usn/usn-406-1
    Tags : vendor-advisory, x_refsource_UBUNTU
    http://www.kb.cert.org/vuls/id/220288
    Tags : third-party-advisory, x_refsource_CERT-VN
    http://secunia.com/advisories/23612
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://sunsolve.sun.com/search/document.do?assetkey=1-26-102735-1
    Tags : vendor-advisory, x_refsource_SUNALERT
    http://secunia.com/advisories/23711
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200701-07.xml
    Tags : vendor-advisory, x_refsource_GENTOO
    http://osvdb.org/32610
    Tags : vdb-entry, x_refsource_OSVDB
    http://www.vupen.com/english/advisories/2007/0031
    Tags : vdb-entry, x_refsource_VUPEN
    http://secunia.com/advisories/23712
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/23616
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2007-0001.html
    Tags : vendor-advisory, x_refsource_REDHAT
    http://fedoranews.org/cms/node/2344
    Tags : vendor-advisory, x_refsource_FEDORA
    http://secunia.com/advisories/23620
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/23549
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/0059
    Tags : vdb-entry, x_refsource_VUPEN
    http://www.debian.org/security/2007/dsa-1246
    Tags : vendor-advisory, x_refsource_DEBIAN
    http://www.mandriva.com/security/advisories?name=MDKSA-2007:006
    Tags : vendor-advisory, x_refsource_MANDRIVA
    http://securitytracker.com/id?1017466
    Tags : vdb-entry, x_refsource_SECTRACK
    http://secunia.com/advisories/23762
    Tags : third-party-advisory, x_refsource_SECUNIA