OpenOffice VBA Macro Security Controls Can Be Bypassed
|
|
SecurityTracker Alert ID: 1023588 |
|
SecurityTracker URL: http://securitytracker.com/id/1023588
|
|
CVE Reference:
CVE-2010-0136
(Links to External Site)
|
Date: Feb 12 2010
|
Impact:
Execution of arbitrary code via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 3.2 and prior versions
|
Description:
A vulnerability was reported in OpenOffice. A remote user can bypass VBA macro security controls.
A remote user can create a specially crafted document that, when loaded by the target user, will execute a VBA macro with the ability to bypass macro security controls.
|
Impact:
A remote user can create a file that, when loaded by the target user, will execute VBA macros on the target user's system.
|
Solution:
The vendor has issued a source code fix.
|
Vendor URL: www.openoffice.org/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 12 Feb 2010 19:40:26 +0000
Subject: OpenOffice
|
CVE-2010-0136
It was discovered that macro security settings were insufficiently
enforced for VBA macros.
|
|
