CVE-2006-3117

CWE-119 — Buffer Overflow9 documents6 sources

Severity

7.6HIGH

EPSS

4.6%

top 10.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openoffice Openoffice SUN Staroffice

Timeline

PublishedJun 30

Latest updateMay 1

Description

Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability."

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages2 packages

▶NVDopenoffice/openoffice9 versions+8

▶NVDsun/staroffice6.0, 7.0, 8.0+2

Patches

Patch: sunsolve.sun.com ↗Patch: www.ngssoftware.com ↗Patch: www.openoffice.org ↗

🔴Vulnerability Details

GHSA

GHSA-9hrj-83rp-h2c6: Heap-based buffer overflow in OpenOffice↗2022-05-01

▶

CVEList

CVE-2006-3117: Heap-based buffer overflow in OpenOffice↗2006-06-30

▶

📋Vendor Advisories

Ubuntu

OpenOffice.org vulnerabilities↗2006-07-19

▶

Ubuntu

OpenOffice.org vulnerabilities↗2006-07-12

▶

Red Hat

security flaw↗2006-06-29

▶

💬Community

Bugzilla

CVE-2006-3117 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-2198 various OOo advisories (CVE-2006-2199, CVE-2006-3117)↗2006-06-26

▶

Bugzilla

CVE-2006-2198 various OOo advisories (CVE-2006-2199, CVE-2006-3117)↗2006-06-26

▶