OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Suse
  • Linux Enterprise Desktop
Canonical
  • Ubuntu Linux
Apache
  • Openoffice
Fedoraproject
  • Fedora
Debian
  • Debian Linux
Opensuse
  • Opensuse

Configuration 1 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*
References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042468.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042529.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042534.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html Third Party Advisory
http://secunia.com/advisories/40070 Broken Link
http://secunia.com/advisories/40084 Broken Link
http://secunia.com/advisories/40104 Broken Link
http://secunia.com/advisories/40107 Broken Link
http://secunia.com/advisories/41818 Broken Link
http://secunia.com/advisories/60799 Broken Link
http://ubuntu.com/usn/usn-949-1 Third Party Advisory
http://www.debian.org/security/2010/dsa-2055 Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:221 Broken Link
http://www.openoffice.org/security/cves/CVE-2010-0395.html Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0459.html Broken Link
http://www.us-cert.gov/cas/techalerts/TA10-287A.html Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2010/1350 Broken Link Patch
http://www.vupen.com/english/advisories/2010/1353 Broken Link
http://www.vupen.com/english/advisories/2010/1366 Broken Link
http://www.vupen.com/english/advisories/2010/1369 Broken Link
http://www.vupen.com/english/advisories/2010/2905 Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=574119 Issue Tracking Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11091 Tool Signature
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2010-06-10T00:00:00

Updated: 2017-09-18T12:57:01

Reserved: 2010-01-27T00:00:00

Link: CVE-2010-0395

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2010-06-10T00:30:07.317

Modified: 2022-02-07T17:03:16.730

Link: CVE-2010-0395

JSON object: View

cve-icon Redhat Information

No data.

CWE