Code injection

2010-02-1619:30:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

76.8%

JSON

OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document.

CPENameOperatorVersion
openofficeeq2.0.4
openofficeeq2.4.1
openofficeeq3.1.1
ubuntu_linuxeq9.04
ubuntu_linuxeq8.10
ubuntu_linuxeq9.10
ubuntu_linuxeq8.04
debian_linuxeq5.0
debian_linuxeq4.0

Name	Operator	Version
openoffice	eq	2.0.4
openoffice	eq	2.4.1
openoffice	eq	3.1.1
ubuntu_linux	eq	9.04
ubuntu_linux	eq	8.10
ubuntu_linux	eq	9.10
ubuntu_linux	eq	8.04
debian_linux	eq	5.0
debian_linux	eq	4.0