The Free and Open Productivity Suite
Released: Apache OpenOffice 4.1.15

Java Applets, CVE-2006-2199

Java Applets

1. Impact

A security vulnerability related to documents may allow certain Java applets to break through the "sandbox" and therefore have full access to system resources with current user privileges. The offending Applets may be constructed to destroy/replace files, read or send private data, and/or cause additional security issues.

This issue is also described in
Sun Alert 102475

2. Contributing Factors

This issue can occur in the following releases: 1.1.x, 2.0.x

3. Symptoms

There are no predictable symptoms that would indicate the described issue has been exploited.

4. Relief/Workaround

To work around the described issue, disable support for Java Applets (for by doing the following: 1.x :

In options dialog: Select --> Tools/Options/ --> uncheck "Enable Applets" 2.x

There is no longer a User Interface (UI) for configuring this option in 2.0; the change must be done in configuration files with a text editor. Add the following into your settings (typically) for this file "~/.openoffice2.0/user/registry/data/org/openoffice/Office/Common.xcu":

<node oor:name="Java">
<node oor:name="Applet">
<prop oor:name="Enable" oor:type="xs:boolean">

5. Resolution

This issue is addressed in the following releases: 1.1.5 Patch, 2.0.3


With the updated versions for, support for Java applets in will be disabled.


Security Home -> Bulletin -> CVE-2006-2199

Apache Software Foundation

Copyright & License | Privacy | Contact Us | Donate | Thanks

Apache, OpenOffice, and the seagull logo are registered trademarks of The Apache Software Foundation. The Apache feather logo is a trademark of The Apache Software Foundation. Other names appearing on the site may be trademarks of their respective owners.