CVE-2006-4513 - Vulnerability Details - OpenCVE

Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wvware	Wvware

Configuration 1 [-]

cpe:2.3:a:wvware:wvware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=433
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=434
http://secunia.com/advisories/22595
http://secunia.com/advisories/22680
http://secunia.com/advisories/22705
http://secunia.com/advisories/23273
http://secunia.com/advisories/23335
http://security.gentoo.org/glsa/glsa-200612-01.xml
http://securitytracker.com/id?1017126
http://www.mandriva.com/security/advisories?name=MDKSA-2006:202
http://www.novell.com/linux/security/advisories/2006_28_sr.html
http://www.securityfocus.com/bid/20761
http://www.ubuntu.com/usn/usn-374-1
http://www.vupen.com/english/advisories/2006/4221
https://exchange.xforce.ibmcloud.com/vulnerabilities/29833

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-10-28T00:00:00

Updated: 2024-08-07T19:14:47.481Z

Reserved: 2006-08-31T00:00:00

Link: CVE-2006-4513

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-10-28T00:07:00.000

Modified: 2024-11-21T00:16:08.393

Link: CVE-2006-4513

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-26T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-4221", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4221"}, {"name": "1017126", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017126"}, {"name": "20061026 Multiple Vendor wvWare LFO Count Integer Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=434"}, {"name": "22705", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22705"}, {"name": "SUSE-SR:2006:028", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html"}, {"name": "GLSA-200612-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200612-01.xml"}, {"name": "MDKSA-2006:202", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:202"}, {"name": "23335", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23335"}, {"name": "22680", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22680"}, {"name": "23273", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23273"}, {"name": "22595", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22595"}, {"name": "20061026 Multiple Vendor wvWare LVL Count Integer Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=433"}, {"name": "20761", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20761"}, {"name": "wvware-lfo-lvl-overflow(29833)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29833"}, {"name": "USN-374-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-374-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4513", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-4221", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4221"}, {"name": "1017126", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017126"}, {"name": "20061026 Multiple Vendor wvWare LFO Count Integer Overflow Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=434"}, {"name": "22705", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22705"}, {"name": "SUSE-SR:2006:028", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html"}, {"name": "GLSA-200612-01", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200612-01.xml"}, {"name": "MDKSA-2006:202", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:202"}, {"name": "23335", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23335"}, {"name": "22680", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22680"}, {"name": "23273", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23273"}, {"name": "22595", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22595"}, {"name": "20061026 Multiple Vendor wvWare LVL Count Integer Overflow Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=433"}, {"name": "20761", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20761"}, {"name": "wvware-lfo-lvl-overflow(29833)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29833"}, {"name": "USN-374-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-374-1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:14:47.481Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-4221", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4221"}, {"name": "1017126", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017126"}, {"name": "20061026 Multiple Vendor wvWare LFO Count Integer Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=434"}, {"name": "22705", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22705"}, {"name": "SUSE-SR:2006:028", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html"}, {"name": "GLSA-200612-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200612-01.xml"}, {"name": "MDKSA-2006:202", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:202"}, {"name": "23335", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23335"}, {"name": "22680", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22680"}, {"name": "23273", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23273"}, {"name": "22595", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22595"}, {"name": "20061026 Multiple Vendor wvWare LVL Count Integer Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=433"}, {"name": "20761", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20761"}, {"name": "wvware-lfo-lvl-overflow(29833)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29833"}, {"name": "USN-374-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-374-1"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4513", "datePublished": "2006-10-28T00:00:00", "dateReserved": "2006-08-31T00:00:00", "dateUpdated": "2024-08-07T19:14:47.481Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wvware:wvware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3A07000-2EB3-479F-936C-45BE0CEBCD79", "versionEndIncluding": "1.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de entero en la biblioteca WV en wvWare (anteriormente conocido como mswordview) versiones anteriores a 1.2.3, utilizado por AbiWord, KWord, y posiblemente otros productos, permiten a atacantes remotos con la intervenci\u00f3n del usuario, ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero manipulado Microsoft Word (DOC) que produce 1) valores elevados LFO clfolvl en la funci\u00f3n wvGetLFO_records \u00f3 (2) un valor elevado LFO nolfo en la funci\u00f3n wvGetFLO_PLF."}], "id": "CVE-2006-4513", "lastModified": "2024-11-21T00:16:08.393", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-10-28T00:07:00.000", "references": [{"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=433"}, {"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=434"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22595"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/22680"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/22705"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23273"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23335"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200612-01.xml"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017126"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:202"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20761"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-374-1"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4221"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29833"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=433"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=434"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22595"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22680"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22705"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23273"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23335"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200612-01.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017126"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:202"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20761"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-374-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4221"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29833"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect versions of wvWare library included in koffice packages as shipped with Red Hat Enterprise Linux 2.1", "lastModified": "2007-02-09T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}