OpenOffice.org Vulnerability in Macro Execution
CVE-2010-0395

Currently unrated

Key Information:

Vendor: Debian
Status: Debian Linux; Fedora; Opensuse; Ubuntu Linux
Vendor: CVE Published:; 10 June 2010

Summary

A vulnerability exists in OpenOffice.org versions 2.x and 3.0 prior to 3.2.1, which allows user-assisted remote attackers to exploit the system by bypassing Python macro security restrictions. This is achieved through a specially crafted OpenDocument Text (ODT) file that, when the macro directory structure is previewed, triggers the execution of arbitrary Python code. Users opening such crafted files may expose their systems to unauthorized actions by unwittingly allowing harmful scripts to execute.

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://secunia.com/advisories/60799

third-party-advisoryx_refsource_SECUNIA

http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml

vendor-advisoryx_refsource_GENTOO

EPSS Score

20% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 10, 2010
Vulnerability Reserved
Jan 27, 2010