content/security/cves/CVE-2006-3117.html - openoffice-org - Git at Google

 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
 <title>CVE-2006-3117</title>
   <style type="text/css">
 /*<![CDATA[*/
     hr { display: block }
   /*]]>*/
   </style>

 </head>
 <body>
 <h2>File Format, CVE-2006-3117</h2>
 <h3>File Format</h3>
 <ul>
   <li><strong>Synopsis</strong>: File Format / Buffer Overflow Vulnerability: Loading malformed XML documents can cause buffer overflows and crash OpenOffice.org.</li>
   <li><strong>Issue ID:</strong> 66866</li>
   <li><strong>State:</strong> Resolved</li>
 </ul>
 <h4> 1. Impact: </h4>
 <p> The buffer overflow allows for a value to be written to an arbitrary location in memory. This may lead to command execution in the context of the current user. </p>
 <p> This issue is also described in
 <br>
  CVE-2006-3117 at: <a HREF="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3117">http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3117</a>,
 <br>NGSSoftware Advisory,
 <a href="http://www.ngssoftware.com/advisories/openoffice.txt">
 http://www.ngssoftware.com/advisories/openoffice.txt</a>
 <br>
 Sun Alert 102501,
 <a href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-102501-1">
 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102501-1
 </a>
 </p>
 <h4> 2. Contributing Factors: </h4>
 <p> This issue can occur in the following releases:<strong> OpenOffice.org 1.1.x</strong> and <strong>OpenOffice.org 2.0.x</strong> </p>
 <h4> 3. Symptoms: </h4>
 <p> OpenOffice.org can crash due to internal buffer overflows when loading a malformed document. </p>
 <h4> 4. Relief/Workaround:</h4>
 <p> None.</p>
 <h4> 5. Resolution: </h4>
 <p><strong>OpenOffice.org 1.1.5 Patch, OpenOffice.org 2.0.3</strong></p>
 <h4> 6. Credits: </h4>
 <p>
 Wade Alcorn of NGSSoftware discovered the vulnerability and aided in the explanation/fix.
 </P>
 <p>&nbsp;</p>
     <hr />
     <p>
       <a href="//security/">Security Home</a> ->
         <a href="//security/bulletin.html">Bulletin</a> ->
         <a href="//security/cves/CVE-2006-3117.html">CVE-2006-3117</a>
     </p>
 </body>
 </html>
	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
	"http://www.w3.org/TR/html4/loose.dtd">
	<html>
	<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
	<title>CVE-2006-3117</title>
	<style type="text/css">
	/<![CDATA[/
	hr { display: block }
	/]]>/
	</style>

	</head>
	<body>
	<h2>File Format, CVE-2006-3117</h2>
	<h3>File Format</h3>
	<ul>
	<li><strong>Synopsis</strong>: File Format / Buffer Overflow Vulnerability: Loading malformed XML documents can cause buffer overflows and crash OpenOffice.org.</li>
	<li><strong>Issue ID:</strong> 66866</li>
	<li><strong>State:</strong> Resolved</li>
	</ul>
	<h4> 1. Impact: </h4>
	<p> The buffer overflow allows for a value to be written to an arbitrary location in memory. This may lead to command execution in the context of the current user. </p>
	<p> This issue is also described in
	<br>
	CVE-2006-3117 at: <a HREF="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3117">http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3117</a>,
	<br>NGSSoftware Advisory,
	<a href="http://www.ngssoftware.com/advisories/openoffice.txt">
	http://www.ngssoftware.com/advisories/openoffice.txt</a>
	<br>
	Sun Alert 102501,
	<a href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-102501-1">
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102501-1
	</a>
	</p>
	<h4> 2. Contributing Factors: </h4>
	<p> This issue can occur in the following releases:<strong> OpenOffice.org 1.1.x</strong> and <strong>OpenOffice.org 2.0.x</strong> </p>
	<h4> 3. Symptoms: </h4>
	<p> OpenOffice.org can crash due to internal buffer overflows when loading a malformed document. </p>
	<h4> 4. Relief/Workaround:</h4>
	<p> None.</p>
	<h4> 5. Resolution: </h4>
	<p><strong>OpenOffice.org 1.1.5 Patch, OpenOffice.org 2.0.3</strong></p>
	<h4> 6. Credits: </h4>
	<p>
	Wade Alcorn of NGSSoftware discovered the vulnerability and aided in the explanation/fix.
	</P>
	<p> </p>
	<hr />
	<p>
	<a href="//security/">Security Home</a> ->
	<a href="//security/bulletin.html">Bulletin</a> ->
	<a href="//security/cves/CVE-2006-3117.html">CVE-2006-3117</a>
	</p>
	</body>
	</html>