File Format, CVE-2006-3117
- Synopsis: File Format / Buffer Overflow Vulnerability: Loading malformed XML documents can cause buffer overflows and crash OpenOffice.org.
- Issue ID: 66866
- State: Resolved
The buffer overflow allows for a value to be written to an arbitrary location in memory. This may lead to command execution in the context of the current user.
This issue is also described in
CVE-2006-3117 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3117,
NGSSoftware Advisory, http://www.ngssoftware.com/advisories/openoffice.txt
Sun Alert 102501, http://sunsolve.sun.com/search/document.do?assetkey=1-26-102501-1
2. Contributing Factors:
This issue can occur in the following releases: OpenOffice.org 1.1.x and OpenOffice.org 2.0.x
OpenOffice.org can crash due to internal buffer overflows when loading a malformed document.
OpenOffice.org 1.1.5 Patch, OpenOffice.org 2.0.3
Wade Alcorn of NGSSoftware discovered the vulnerability and aided in the explanation/fix.