CVE-2006-2198

CWE-2649 documents6 sources

Severity

7.6HIGH

EPSS

7.8%

top 8.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openoffice Openoffice SUN Staroffice

Timeline

PublishedJun 30

Latest updateMay 1

Description

OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages2 packages

▶NVDopenoffice/openoffice22 versions+21

▶NVDsun/staroffice7.0, 8.0+1

Patches

Patch: sunsolve.sun.com ↗Patch: www.openoffice.org ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-pp72-j4xc-h27c: OpenOffice↗2022-05-01

▶

CVEList

CVE-2006-2198: OpenOffice↗2006-06-30

▶

📋Vendor Advisories

Ubuntu

OpenOffice.org vulnerabilities↗2006-07-19

▶

Ubuntu

OpenOffice.org vulnerabilities↗2006-07-12

▶

Red Hat

security flaw↗2006-06-29

▶

💬Community

Bugzilla

CVE-2006-2198 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-2198 various OOo advisories (CVE-2006-2199, CVE-2006-3117)↗2006-06-26

▶

Bugzilla

CVE-2006-2198 various OOo advisories (CVE-2006-2199, CVE-2006-3117)↗2006-06-26

▶