{"api_version":"1","generated_at":"2026-04-22T23:21:52+00:00","cve":"CVE-2006-5870","urls":{"html":"https://cve.report/CVE-2006-5870","api":"https://cve.report/api/cve/CVE-2006-5870.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-5870","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-5870"},"summary":{"title":"CVE-2006-5870","description":"Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-12-31 05:00:00","updated_at":"2018-10-17 21:45:00"},"problem_types":["CWE-189"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/archive/1/455947/100/0/threaded","name":"20070104 Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/23920","name":"23920","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"SGI Advanced Linux Environment Multiple Updates - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openoffice.org/issues/show_bug.cgi?id=70042","name":"http://www.openoffice.org/issues/show_bug.cgi?id=70042","refsource":"CONFIRM","tags":["Patch"],"title":"Search by bug number","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8280","name":"oval:org.mitre.oval:def:8280","refsource":"OVAL","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1017466","name":"1017466","refsource":"SECTRACK","tags":[],"title":"OpenOffice.org Office Suite Integer Overflow in Processing WMF/EMF Files Lets Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://fedoranews.org/cms/node/2344","name":"FEDORA-2007-005","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora Core 6 Update: openoffice.org-2.0.4-5.5.10 | FedoraNEWS.ORG","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-200701-07.xml","name":"GLSA-200701-07","refsource":"GENTOO","tags":[],"title":"Gentoo Linux Documentation\n--\n  OpenOffice.org: EMF/WMF file handling vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102735-1","name":"102735","refsource":"SUNALERT","tags":[],"title":"#102735: Security Vulnerability With StarOffice/StarSuite Versions 6, 7 and 8 Related to the '.wmf' File Format","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/23616","name":"23616","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Red Hat update for openoffice.org - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/32610","name":"32610","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://secunia.com/advisories/23600","name":"23600","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"StarOffice WMF/EMF Processing Buffer Overflow Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openoffice.org/nonav/issues/showattachment.cgi/39509/alloc.overflows.wmf.patch","name":"http://www.openoffice.org/nonav/issues/showattachment.cgi/39509/alloc.overflows.wmf.patch","refsource":"CONFIRM","tags":[],"title":"OpenOffice.org Files","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/0031","name":"ADV-2007-0031","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.suse.com/archive/suse-security-announce/2007-Jan/0001.html","name":"SUSE-SA:2007:001","refsource":"SUSE","tags":[],"title":"SuSE Security announcements: [suse-security-announce] SUSE Security Announcement: OpenOffice_org WMF buffer overflows (SUSE-SA:2007:001)","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/23711","name":"23711","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Ubuntu update for openoffice.org - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://issues.rpath.com/browse/RPL-905","name":"https://issues.rpath.com/browse/RPL-905","refsource":"CONFIRM","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://secunia.com/advisories/23620","name":"23620","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Fedora update for openoffice.org - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/455954/100/0/threaded","name":"20070104 Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/23612","name":"23612","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"OpenOffice WMF/EMF Processing Buffer Overflow Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/usn-406-1","name":"USN-406-1","refsource":"UBUNTU","tags":[],"title":"USN-406-1: OpenOffice.org vulnerability | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:006","name":"MDKSA-2007:006","refsource":"MANDRIVA","tags":[],"title":"Advisories - Mandriva Linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/23762","name":"23762","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Gentoo update for openoffice - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/0059","name":"ADV-2007-0059","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/32611","name":"32611","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.securityfocus.com/archive/1/455943/100/0/threaded","name":"20070104 Correction (High Risk Vulnerability in the OpenOffice and StarOffice Suites)","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite/","name":"http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite/","refsource":"MISC","tags":[],"title":"Advisories - Research - Next Generation Security Software","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/23682","name":"23682","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"rPath update for openoffice.org - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/456271/100/100/threaded","name":"20070108 rPSA-2007-0001-1 openoffice.org","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/23712","name":"23712","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Mandriva update for OpenOffice.org - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9145","name":"oval:org.mitre.oval:def:9145","refsource":"OVAL","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/23683","name":"23683","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Debian update for openoffice.org - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/31257","name":"openoffice-wmf-bo(31257)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2007/dsa-1246","name":"DSA-1246","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-1246-1 openoffice.org","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/220288","name":"VU#220288","refsource":"CERT-VN","tags":["US Government Resource"],"title":"US-CERT Vulnerability Note VU#220288","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/23549","name":"23549","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"SUSE update for OpenOffice_org - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/455964/100/0/threaded","name":"20070104 High Risk Vulnerability in the OpenOffice and StarOffice Suites","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2007-0001.html","name":"RHSA-2007:0001","refsource":"REDHAT","tags":["Patch","Vendor Advisory"],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc","name":"20070101-01-P","refsource":"SGI","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.htmly","name":"20070104 High Risk Vulnerability in the OpenOffice and StarOffice Suites","refsource":"VULNWATCH","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-5870","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-5870","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"5870","vulnerable":"1","versionEndIncluding":"2.0.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openoffice","cpe5":"openoffice","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"5870","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"staroffice","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"5870","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"staroffice","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"5870","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"staroffice","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"5870","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"staroffice","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"5870","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"staroffice","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"5870","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"staroffice","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[{"cvename":"CVE-2006-5870","organization":"Red Hat","lastmodified":"2007-03-14","contributor":"Mark J Cox","statementText":"Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.","cve_year":"2006","cve_id":"5870","crc32":"e4ada83e"}],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-5870","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"oval:org.mitre.oval:def:9145","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9145"},{"name":"http://www.openoffice.org/issues/show_bug.cgi?id=70042","refsource":"CONFIRM","url":"http://www.openoffice.org/issues/show_bug.cgi?id=70042"},{"name":"23683","refsource":"SECUNIA","url":"http://secunia.com/advisories/23683"},{"name":"http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite/","refsource":"MISC","url":"http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-staroffice-suite/"},{"name":"23682","refsource":"SECUNIA","url":"http://secunia.com/advisories/23682"},{"name":"32611","refsource":"OSVDB","url":"http://osvdb.org/32611"},{"name":"20070104 Correction (High Risk Vulnerability in the OpenOffice and StarOffice Suites)","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/455943/100/0/threaded"},{"name":"23920","refsource":"SECUNIA","url":"http://secunia.com/advisories/23920"},{"name":"23600","refsource":"SECUNIA","url":"http://secunia.com/advisories/23600"},{"name":"USN-406-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/usn-406-1"},{"name":"VU#220288","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/220288"},{"name":"23612","refsource":"SECUNIA","url":"http://secunia.com/advisories/23612"},{"name":"102735","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102735-1"},{"name":"SUSE-SA:2007:001","refsource":"SUSE","url":"http://lists.suse.com/archive/suse-security-announce/2007-Jan/0001.html"},{"name":"20070104 High Risk Vulnerability in the OpenOffice and StarOffice Suites","refsource":"VULNWATCH","url":"http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.htmly"},{"name":"23711","refsource":"SECUNIA","url":"http://secunia.com/advisories/23711"},{"name":"GLSA-200701-07","refsource":"GENTOO","url":"http://security.gentoo.org/glsa/glsa-200701-07.xml"},{"name":"32610","refsource":"OSVDB","url":"http://osvdb.org/32610"},{"name":"ADV-2007-0031","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/0031"},{"name":"23712","refsource":"SECUNIA","url":"http://secunia.com/advisories/23712"},{"name":"20070104 Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/455947/100/0/threaded"},{"name":"23616","refsource":"SECUNIA","url":"http://secunia.com/advisories/23616"},{"name":"RHSA-2007:0001","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2007-0001.html"},{"name":"FEDORA-2007-005","refsource":"FEDORA","url":"http://fedoranews.org/cms/node/2344"},{"name":"https://issues.rpath.com/browse/RPL-905","refsource":"CONFIRM","url":"https://issues.rpath.com/browse/RPL-905"},{"name":"http://www.openoffice.org/nonav/issues/showattachment.cgi/39509/alloc.overflows.wmf.patch","refsource":"CONFIRM","url":"http://www.openoffice.org/nonav/issues/showattachment.cgi/39509/alloc.overflows.wmf.patch"},{"name":"20070104 Re: [VulnWatch] High Risk Vulnerability in the OpenOffice and StarOffice Suites","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/455954/100/0/threaded"},{"name":"oval:org.mitre.oval:def:8280","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8280"},{"name":"23620","refsource":"SECUNIA","url":"http://secunia.com/advisories/23620"},{"name":"openoffice-wmf-bo(31257)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/31257"},{"name":"23549","refsource":"SECUNIA","url":"http://secunia.com/advisories/23549"},{"name":"ADV-2007-0059","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/0059"},{"name":"20070104 High Risk Vulnerability in the OpenOffice and StarOffice Suites","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/455964/100/0/threaded"},{"name":"20070108 rPSA-2007-0001-1 openoffice.org","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/456271/100/100/threaded"},{"name":"DSA-1246","refsource":"DEBIAN","url":"http://www.debian.org/security/2007/dsa-1246"},{"name":"20070101-01-P","refsource":"SGI","url":"ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc"},{"name":"MDKSA-2007:006","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:006"},{"name":"1017466","refsource":"SECTRACK","url":"http://securitytracker.com/id?1017466"},{"name":"23762","refsource":"SECUNIA","url":"http://secunia.com/advisories/23762"}]}},"nvd":{"publishedDate":"2006-12-31 05:00:00","lastModifiedDate":"2018-10-17 21:45:00","problem_types":["CWE-189"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9.3},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openoffice:openoffice:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sun:staroffice:6.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sun:staroffice:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sun:staroffice:8.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"5870","Ordinal":"21216","Title":"CVE-2006-5870","CVE":"CVE-2006-5870","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"5870","Ordinal":"1","NoteData":"Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"5870","Ordinal":"2","NoteData":"2007-01-04","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"5870","Ordinal":"3","NoteData":"2018-10-17","Type":"Other","Title":"Modified"}]}}}