Vulnerability Description
OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Openoffice | 2.0.4 |
| Canonical | Ubuntu Linux | 8.04 |
| Debian | Debian Linux | 4.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.htmlThird Party Advisory
- http://secunia.com/advisories/38695Broken Link
- http://secunia.com/advisories/38921Broken Link
- http://securitytracker.com/id?1023588Broken LinkThird Party AdvisoryVDB Entry
- http://www.debian.org/security/2010/dsa-1995Third Party Advisory
- http://www.mail-archive.com/debian-openoffice%40lists.debian.org/msg23178.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:221Broken Link
- http://www.securityfocus.com/bid/38245Broken LinkThird Party AdvisoryVDB Entry
- http://www.ubuntu.com/usn/USN-903-1Third Party Advisory
- http://www.vupen.com/english/advisories/2010/0635Broken Link
- http://www.vupen.com/english/advisories/2010/2905Broken Link
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.htmlThird Party Advisory
- http://secunia.com/advisories/38695Broken Link
- http://secunia.com/advisories/38921Broken Link
- http://securitytracker.com/id?1023588Broken LinkThird Party AdvisoryVDB Entry
FAQ
What is CVE-2010-0136?
CVE-2010-0136 is a vulnerability with a CVSS score of 9.3 (HIGH). OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted ...
How severe is CVE-2010-0136?
CVE-2010-0136 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0136?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Openoffice, Canonical Ubuntu Linux, Debian Debian Linux.