The Free and Open Productivity Suite
Follow us on Twitter: @ApacheOO

File Format, CVE-2006-3117

File Format

1. Impact:

The buffer overflow allows for a value to be written to an arbitrary location in memory. This may lead to command execution in the context of the current user.

This issue is also described in
CVE-2006-3117 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3117,
NGSSoftware Advisory, http://www.ngssoftware.com/advisories/openoffice.txt
Sun Alert 102501, http://sunsolve.sun.com/search/document.do?assetkey=1-26-102501-1

2. Contributing Factors:

This issue can occur in the following releases: OpenOffice.org 1.1.x and OpenOffice.org 2.0.x

3. Symptoms:

OpenOffice.org can crash due to internal buffer overflows when loading a malformed document.

4. Relief/Workaround:

None.

5. Resolution:

OpenOffice.org 1.1.5 Patch, OpenOffice.org 2.0.3

6. Credits:

Wade Alcorn of NGSSoftware discovered the vulnerability and aided in the explanation/fix.

 


Security Home -> Bulletin -> CVE-2006-3117

Apache Software Foundation

Copyright & License | Privacy | Website Feedback | Contact Us | Donate | Thanks

Apache, the Apache feather logo, and OpenOffice are trademarks of The Apache Software Foundation. OpenOffice.org and the seagull logo are registered trademarks of The Apache Software Foundation. Other names appearing on the site may be trademarks of their respective owners.