CVE-2010-0136

CWE-77 — Command Injection6 documents6 sources

Severity

9.3CRITICAL

EPSS

4.5%

top 10.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Openoffice Canonical Ubuntu Linux Debian Debian Linux

Timeline

PublishedFeb 16

Latest updateMay 2

Description

OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDapache/openoffice2.0.4, 2.4.1, 3.1.1+2

Also affects: Debian Linux 4.0, 5.0, Ubuntu Linux 8.04, 8.10, 9.04, 9.10

🔴Vulnerability Details

GHSA

GHSA-4g9j-hp5m-7j2p: OpenOffice↗2022-05-02

▶

CVEList

CVE-2010-0136: OpenOffice↗2010-02-16

▶

📋Vendor Advisories

Ubuntu

OpenOffice.org vulnerabilities↗2010-02-24

▶

Red Hat

openoffice.org: unenforced VBA macro security settings may lead to arbitrary macro execution↗2010-02-12

▶

💬Community

Bugzilla

CVE-2010-0136 openoffice.org: unenforced VBA macro security settings may lead to arbitrary macro execution↗2010-02-16

▶