| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" |
| "http://www.w3.org/TR/html4/loose.dtd"> |
| <html> |
| <head> |
| <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> |
| <title>CVE-2006-3117</title> |
| <style type="text/css"> |
| /*<![CDATA[*/ |
| hr { display: block } |
| /*]]>*/ |
| </style> |
| |
| </head> |
| <body> |
| <h2>File Format, CVE-2006-3117</h2> |
| <h3>File Format</h3> |
| <ul> |
| <li><strong>Synopsis</strong>: File Format / Buffer Overflow Vulnerability: Loading malformed XML documents can cause buffer overflows and crash OpenOffice.org.</li> |
| <li><strong>Issue ID:</strong> 66866</li> |
| <li><strong>State:</strong> Resolved</li> |
| </ul> |
| <h4> 1. Impact: </h4> |
| <p> The buffer overflow allows for a value to be written to an arbitrary location in memory. This may lead to command execution in the context of the current user. </p> |
| <p> This issue is also described in |
| <br> |
| CVE-2006-3117 at: <a HREF="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3117">http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3117</a>, |
| <br>NGSSoftware Advisory, |
| <a href="http://www.ngssoftware.com/advisories/openoffice.txt"> |
| http://www.ngssoftware.com/advisories/openoffice.txt</a> |
| <br> |
| Sun Alert 102501, |
| <a href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-102501-1"> |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-102501-1 |
| </a> |
| </p> |
| <h4> 2. Contributing Factors: </h4> |
| <p> This issue can occur in the following releases:<strong> OpenOffice.org 1.1.x</strong> and <strong>OpenOffice.org 2.0.x</strong> </p> |
| <h4> 3. Symptoms: </h4> |
| <p> OpenOffice.org can crash due to internal buffer overflows when loading a malformed document. </p> |
| <h4> 4. Relief/Workaround:</h4> |
| <p> None.</p> |
| <h4> 5. Resolution: </h4> |
| <p><strong>OpenOffice.org 1.1.5 Patch, OpenOffice.org 2.0.3</strong></p> |
| <h4> 6. Credits: </h4> |
| <p> |
| Wade Alcorn of NGSSoftware discovered the vulnerability and aided in the explanation/fix. |
| </P> |
| <p> </p> |
| <hr /> |
| <p> |
| <a href="//security/">Security Home</a> -> |
| <a href="//security/bulletin.html">Bulletin</a> -> |
| <a href="//security/cves/CVE-2006-3117.html">CVE-2006-3117</a> |
| </p> |
| </body> |
| </html> |