CVE-2006-2199 - Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2

CVE-2006-2199

Summary

Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents.

References

Vulnerable Configurations

cpe:2.3:a:openoffice:openoffice:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:sun:staroffice:6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:staroffice:6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:staroffice:7.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:staroffice:7.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:staroffice:8.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:staroffice:8.0:*:*:*:*:*:*:*

CVSS

Base:	7.6 (as of 18-10-2018 - 16:38)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:H/Au:N/C:C/I:C/A:C

oval via4

accepted

2013-04-29T04:13:21.438-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:11338

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa

id	RHSA-2006:0573

rpms

openoffice.org-0:1.1.2-34.2.0.EL3
openoffice.org-0:1.1.2-34.6.0.EL4
openoffice.org-debuginfo-0:1.1.2-34.2.0.EL3
openoffice.org-debuginfo-0:1.1.2-34.6.0.EL4
openoffice.org-i18n-0:1.1.2-34.2.0.EL3
openoffice.org-i18n-0:1.1.2-34.6.0.EL4
openoffice.org-kde-0:1.1.2-34.6.0.EL4
openoffice.org-libs-0:1.1.2-34.2.0.EL3
openoffice.org-libs-0:1.1.2-34.6.0.EL4

refmap via4

bid	18737
bugtraq	20060926 rPSA-2006-0173-1 openoffice.org
cert-vn	VU#243681
confirm	http://www.openoffice.org/security/CVE-2006-2199.html https://issues.rpath.com/browse/RPL-475
debian	DSA-1104
fedora	FEDORA-2007-005
gentoo	GLSA-200607-12
mandriva	MDKSA-2006:118
sectrack	1016414
secunia	20867 20893 20910 20911 20913 20975 20995 21278 23620
sunalert	102475
suse	SUSE-SA:2006:040
ubuntu	USN-313-1 USN-313-2
vupen	ADV-2006-2607 ADV-2006-2621
xf	openoffice-applet-sandbox-bypass(27569)

Last major update

18-10-2018 - 16:38

Published

30-06-2006 - 18:05

Last modified

18-10-2018 - 16:38