CVE-2006-5870

Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.

🔗 References (78)

• cve@mitreftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc
• cve@mitrehttp://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.htmly
• cve@mitrehttp://fedoranews.org/cms/node/2344
• cve@mitrehttp://lists.suse.com/archive/suse-security-announce/2007-Jan/0001.html
• cve@mitrehttp://osvdb.org/32610
• cve@mitrehttp://osvdb.org/32611
• cve@mitrehttp://secunia.com/advisories/23549
• cve@mitrehttp://secunia.com/advisories/23600
• cve@mitrehttp://secunia.com/advisories/23612
• cve@mitrehttp://secunia.com/advisories/23616
• cve@mitrehttp://secunia.com/advisories/23620
• cve@mitrehttp://secunia.com/advisories/23682
• cve@mitrehttp://secunia.com/advisories/23683
• cve@mitrehttp://secunia.com/advisories/23711
• cve@mitrehttp://secunia.com/advisories/23712