CVE-2006-4513

Name of the Vulnerable Software and Affected Versions wvWare versions prior to 1.2.3

Description The issue is related to multiple integer overflows in the WV library of wvWare, which can be exploited by user-assisted remote attackers. This can be achieved through a crafted Microsoft Word (DOC) file that triggers large values, specifically (1) large LFO clfolvl values in the wvGetLFO records function or (2) a large LFO nolfo value in the wvGetFLO PLF function, allowing the execution of arbitrary code.

Recommendations For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted Microsoft Word (DOC) files until the update is applied.