CVE-2006-5870

Summary

CVE	CVE-2006-5870
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2006-12-31 05:00:00 UTC
Updated	2026-04-23 00:35:47 UTC
Description	Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.

Risk And Classification

Primary CVSS: v2.0 9.3 from [email protected]

AV:N/AC:M/Au:N/C:C/I:C/A:C

Problem Types: CWE-189 | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Openoffice	Openoffice	All	All	All	All
Application	Sun	Staroffice	6.0	All	All	All
Application	Sun	Staroffice	7.0	All	All	All
Application	Sun	Staroffice	8.0	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
OpenOffice WMF/EMF Processing Buffer Overflow Vulnerabilities - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Fedora update for openoffice.org - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
StarOffice WMF/EMF Processing Buffer Overflow Vulnerabilities - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Debian -- Security Information -- DSA-1246-1 openoffice.org	af854a3a-2127-422b-91ae-364da2661108	www.debian.org
Red Hat update for openoffice.org - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
issues.rpath.com/browse/RPL-905	af854a3a-2127-422b-91ae-364da2661108	issues.rpath.com
Debian update for openoffice.org - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Advisories - Research - Next Generation Security Software	af854a3a-2127-422b-91ae-364da2661108	www.ngssoftware.com
Gentoo update for openoffice - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
OpenOffice.org Office Suite Integer Overflow in Processing WMF/EMF Files Lets Remote Users Execute Arbitrary Code - SecurityTracker	af854a3a-2127-422b-91ae-364da2661108	securitytracker.com
USN-406-1: OpenOffice.org vulnerability \| Ubuntu	af854a3a-2127-422b-91ae-364da2661108	www.ubuntu.com
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
SuSE Security announcements: [suse-security-announce] SUSE Security Announcement: OpenOffice_org WMF buffer overflows (SUSE-SA:2007:001)	af854a3a-2127-422b-91ae-364da2661108	lists.suse.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com	Vendor Advisory
rhn.redhat.com \| Red Hat Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com	Patch, Vendor Advisory
archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.htmly	af854a3a-2127-422b-91ae-364da2661108	archives.neohapsis.com
Webmail- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com	Vendor Advisory
Mandriva update for OpenOffice.org - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
OpenOffice.org Files	af854a3a-2127-422b-91ae-364da2661108	www.openoffice.org
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com
Gentoo Linux Documentation -- OpenOffice.org: EMF/WMF file handling vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	security.gentoo.org
rPath update for openoffice.org - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
patches.sgi.com/support/free/security/advisories/20070101-01-P.asc	af854a3a-2127-422b-91ae-364da2661108	patches.sgi.com
SGI Advanced Linux Environment Multiple Updates - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
SUSE update for OpenOffice_org - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
US-CERT Vulnerability Note VU#220288	af854a3a-2127-422b-91ae-364da2661108	www.kb.cert.org	US Government Resource
#102735: Security Vulnerability With StarOffice/StarSuite Versions 6, 7 and 8 Related to the '.wmf' File Format	af854a3a-2127-422b-91ae-364da2661108	sunsolve.sun.com
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
Search by bug number	af854a3a-2127-422b-91ae-364da2661108	www.openoffice.org	Patch
osvdb.org/32610	af854a3a-2127-422b-91ae-364da2661108	osvdb.org
osvdb.org/32611	af854a3a-2127-422b-91ae-364da2661108	osvdb.org
Ubuntu update for openoffice.org - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Advisories - Mandriva Linux	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
[SECURITY] Fedora Core 6 Update: openoffice.org-2.0.4-5.5.10 \| FedoraNEWS.ORG	af854a3a-2127-422b-91ae-364da2661108	fedoranews.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Red Hat	2007-03-14	Mark J Cox	Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

There are currently no legacy QID mappings associated with this CVE.