Vulnerability Details CVE-2010-0136
OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.06
EPSS Ranking 90.1%
CVSS Severity
CVSS v2 Score 9.3
References
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html
- http://secunia.com/advisories/38695
- http://secunia.com/advisories/38921
- http://securitytracker.com/id?1023588
- http://www.debian.org/security/2010/dsa-1995
- http://www.mail-archive.com/debian-openoffice%40lists.debian.org/msg23178.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:221
- http://www.securityfocus.com/bid/38245
- http://www.ubuntu.com/usn/USN-903-1
- http://www.vupen.com/english/advisories/2010/0635
- http://www.vupen.com/english/advisories/2010/2905
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html
- http://secunia.com/advisories/38695
- http://secunia.com/advisories/38921
- http://securitytracker.com/id?1023588
- http://www.debian.org/security/2010/dsa-1995
- http://www.mail-archive.com/debian-openoffice%40lists.debian.org/msg23178.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:221
- http://www.securityfocus.com/bid/38245
- http://www.ubuntu.com/usn/USN-903-1
- http://www.vupen.com/english/advisories/2010/0635
- http://www.vupen.com/english/advisories/2010/2905
Products affected by CVE-2010-0136
-
cpe:2.3:a:apache:openoffice:2.0.4
-
cpe:2.3:a:apache:openoffice:2.4.1
-
cpe:2.3:a:apache:openoffice:3.1.1
-
cpe:2.3:o:canonical:ubuntu_linux:8.04
-
cpe:2.3:o:canonical:ubuntu_linux:8.10
-
cpe:2.3:o:canonical:ubuntu_linux:9.04
-
cpe:2.3:o:canonical:ubuntu_linux:9.10
-
cpe:2.3:o:debian:debian_linux:4.0
-
cpe:2.3:o:debian:debian_linux:5.0