OpenOffice.org Vulnerability in Macro Execution
CVE-2010-0395

Currently unrated

Key Information:

Vendor

Debian
Status
Debian Linux
Fedora
Opensuse
Ubuntu Linux
Vendor
CVE Published:
10 June 2010

What is CVE-2010-0395?

A vulnerability exists in OpenOffice.org versions 2.x and 3.0 prior to 3.2.1, which allows user-assisted remote attackers to exploit the system by bypassing Python macro security restrictions. This is achieved through a specially crafted OpenDocument Text (ODT) file that, when the macro directory structure is previewed, triggers the execution of arbitrary Python code. Users opening such crafted files may expose their systems to unauthorized actions by unwittingly allowing harmful scripts to execute.

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...
vendor-advisoryx_refsource_MANDRIVA
http://secunia.com/advisories/60799
third-party-advisoryx_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
vendor-advisoryx_refsource_GENTOO

EPSS Score

20% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.