English:

The Free and Open Productivity Suite
New: Apache OpenOffice 4.1.1 released!

Macro, CVE-2006-2198

Macro Vulnerability

1. Impact

A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon loading of the document. The user will not be asked or notified and the macro will have full access to system resources with current user's privileges. As a result, the macro may delete/replace files, read/send private data and/or cause additional security issues.

Note: Disabling document macros will not prevent this issue.

This issue is also described in
CVE-2006-2198, http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2198,
Sun Alert 102490, http://sunsolve.sun.com/search/document.do?assetkey=1-26-102490-1

2. Contributing Factors

This issue can occur in the following releases:

OpenOffice.org 1.1.x, OpenOffice.org 2.0.x

3. Symptoms

There are no predictable symptoms that would indicate the described issue has been exploited.

4. Relief/Workaround

There is no workaround. Please see the "Resolution" section below.

5. Resolution

This issue is addressed in the following releases:

OpenOffice.org 1.1.5 Patch, OpenOffice.org 2.0.3


Security Home -> Bulletin -> CVE-2006-2198

Apache Software Foundation

Apache Software Foundation

Copyright & License | Privacy | Website Feedback | Contact Us | Donate | Thanks

Apache, the Apache feather logo, and OpenOffice are trademarks of The Apache Software Foundation. OpenOffice.org and the seagull logo are registered trademarks of The Apache Software Foundation. Other names appearing on the site may be trademarks of their respective owners.