Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2006:202 (wv)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57636

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2006:202 (wv)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to wv
announced via advisory MDKSA-2006:202.

Multiple integer overflows in the WV library in wvWare (formerly
mswordview) before 1.2.3, as used by AbiWord?, KWord, and possibly
other products, allow user-assisted remote attackers to execute
arbitrary code via a crafted Microsoft Word (DOC) file that produces
(1) large LFO clfolvl values in the wvGetLFO_records function or (2) a
large LFO nolfo value in the wvGetFLO_PLF function.

Updated packages have been patched to correct these issues.

Affected: 2006.0, 2007.0, Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:202

Risk factor : High

CVSS Score:
5.1

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-4513
BugTraq ID: 20761
http://www.securityfocus.com/bid/20761
http://security.gentoo.org/glsa/glsa-200612-01.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=434
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=433
http://www.mandriva.com/security/advisories?name=MDKSA-2006:202
http://securitytracker.com/id?1017126
http://secunia.com/advisories/22595
http://secunia.com/advisories/22680
http://secunia.com/advisories/22705
http://secunia.com/advisories/23273
http://secunia.com/advisories/23335
SuSE Security Announcement: SUSE-SR:2006:028 (Google Search)
http://www.novell.com/linux/security/advisories/2006_28_sr.html
http://www.ubuntu.com/usn/usn-374-1
http://www.vupen.com/english/advisories/2006/4221
XForce ISS Database: wvware-lfo-lvl-overflow(29833)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29833

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57636
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:202 (wv)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to wv announced via advisory MDKSA-2006:202. Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord?, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function. Updated packages have been patched to correct these issues. Affected: 2006.0, 2007.0, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:202 Risk factor : High CVSS Score: 5.1
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4513 BugTraq ID: 20761 http://www.securityfocus.com/bid/20761 http://security.gentoo.org/glsa/glsa-200612-01.xml http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=434 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=433 http://www.mandriva.com/security/advisories?name=MDKSA-2006:202 http://securitytracker.com/id?1017126 http://secunia.com/advisories/22595 http://secunia.com/advisories/22680 http://secunia.com/advisories/22705 http://secunia.com/advisories/23273 http://secunia.com/advisories/23335 SuSE Security Announcement: SUSE-SR:2006:028 (Google Search) http://www.novell.com/linux/security/advisories/2006_28_sr.html http://www.ubuntu.com/usn/usn-374-1 http://www.vupen.com/english/advisories/2006/4221 XForce ISS Database: wvware-lfo-lvl-overflow(29833) https://exchange.xforce.ibmcloud.com/vulnerabilities/29833
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com