CVE-2010-0136

2010-02-1619:30:00

CWE-77

[email protected]

web.nvd.nist.gov

cve-2010-0136

openoffice.org

ooo

vba

macro security

remote attackers

6.4 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

77.3%

JSON

OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document.

CPENameOperatorVersion
apache:openofficeapache openofficeeq2.0.4
apache:openofficeapache openofficeeq2.4.1
apache:openofficeapache openofficeeq3.1.1
debian:debian_linuxdebian debian linuxeq5.0
debian:debian_linuxdebian debian linuxeq4.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq9.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq9.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04

CPE	Name	Operator	Version
apache:openoffice	apache openoffice	eq	2.0.4
apache:openoffice	apache openoffice	eq	2.4.1
apache:openoffice	apache openoffice	eq	3.1.1
debian:debian_linux	debian debian linux	eq	5.0
debian:debian_linux	debian debian linux	eq	4.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	9.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	9.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.04