content/security/cves/CVE-2006-2198.html - openoffice-org - Git at Google

 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
 <title>CVE-2006-2198</title>
   <style type="text/css">
 /*<![CDATA[*/
     hr { display: block }
   /*]]>*/
   </style>
 </head>
 <body>
 <h2>Macro, CVE-2006-2198</h2>
 <h3>Macro Vulnerability</h3>
 <ul>
   <li> <strong>Synopsis: </strong>Security Vulnerability With Macros in OpenOffice.org
   <li> <strong>Issue ID: </strong>66863
   <li> <strong>State: </strong>Resolved
 </ul>
 <h4>1. Impact</h4>
 <p>A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon loading of the document. The user will not be asked or notified and the macro will have full access to system resources with current user's privileges. As a result, the macro may delete/replace files, read/send private data and/or cause additional security issues.</p>
 <p><b>Note:</b> Disabling document macros will not prevent this issue.</p>
 <p>
 This issue is also described in<br>
 CVE-2006-2198, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2198">http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2198</a>,
 <br>
 Sun Alert 102490,
 <a href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-102490-1">
 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102490-1</a>
 </p>
 <h4>2. Contributing Factors</h4>
 <p>This issue can occur in the following releases:</p>
 <p><strong>OpenOffice.org 1.1.x,</strong> <strong>OpenOffice.org 2.0.x</strong></p>
 <h4>3. Symptoms</h4>
 <p>There are no predictable symptoms that would indicate the described issue has been exploited.</p>
 <h4>4. Relief/Workaround</h4>
 <p>There is no workaround. Please see the &quot;Resolution&quot; section below.</p>
 <h4>5. Resolution</h4>
 <p>This issue is addressed in the following releases:</p>
 <p><strong>OpenOffice.org 1.1.5 Patch, OpenOffice.org 2.0.3</strong></p>
     <hr />
     <p>
       <a href="//security/">Security Home</a> ->
         <a href="//security/bulletin.html">Bulletin</a> ->
         <a href="//security/cves/CVE-2006-2198.html">CVE-2006-2198</a>
     </p>
 </body>
 </html>
	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
	"http://www.w3.org/TR/html4/loose.dtd">
	<html>
	<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
	<title>CVE-2006-2198</title>
	<style type="text/css">
	/<![CDATA[/
	hr { display: block }
	/]]>/
	</style>
	</head>
	<body>
	<h2>Macro, CVE-2006-2198</h2>
	<h3>Macro Vulnerability</h3>
	<ul>
	<li> <strong>Synopsis: </strong>Security Vulnerability With Macros in OpenOffice.org
	<li> <strong>Issue ID: </strong>66863
	<li> <strong>State: </strong>Resolved
	</ul>
	<h4>1. Impact</h4>
	<p>A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon loading of the document. The user will not be asked or notified and the macro will have full access to system resources with current user's privileges. As a result, the macro may delete/replace files, read/send private data and/or cause additional security issues.</p>
	<p><b>Note:</b> Disabling document macros will not prevent this issue.</p>
	<p>
	This issue is also described in<br>
	CVE-2006-2198, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2198">http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2198</a>,
	<br>
	Sun Alert 102490,
	<a href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-102490-1">
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102490-1</a>
	</p>
	<h4>2. Contributing Factors</h4>
	<p>This issue can occur in the following releases:</p>
	<p><strong>OpenOffice.org 1.1.x,</strong> <strong>OpenOffice.org 2.0.x</strong></p>
	<h4>3. Symptoms</h4>
	<p>There are no predictable symptoms that would indicate the described issue has been exploited.</p>
	<h4>4. Relief/Workaround</h4>
	<p>There is no workaround. Please see the "Resolution" section below.</p>
	<h4>5. Resolution</h4>
	<p>This issue is addressed in the following releases:</p>
	<p><strong>OpenOffice.org 1.1.5 Patch, OpenOffice.org 2.0.3</strong></p>
	<hr />
	<p>
	<a href="//security/">Security Home</a> ->
	<a href="//security/bulletin.html">Bulletin</a> ->
	<a href="//security/cves/CVE-2006-2198.html">CVE-2006-2198</a>
	</p>
	</body>
	</html>