Description
OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document.
Affected products
- apache / openoffice2.0.4 – 2.0.4
- apache / openoffice2.4.1 – 2.4.1
- apache / openoffice3.1.1 – 3.1.1
- Canonical / Ubuntu Linux8.04 – 8.04
- Canonical / Ubuntu Linux8.10 – 8.10
- Canonical / Ubuntu Linux9.04 – 9.04
- Canonical / Ubuntu Linux9.10 – 9.10
- Debian / debian_linux4.0 – 4.0
- Debian / debian_linux5.0 – 5.0
References
- VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:221
- VENDOR_ADVISORYhttp://secunia.com/advisories/38695
- VENDOR_ADVISORYhttp://www.debian.org/security/2010/dsa-1995
- MISChttp://securitytracker.com/id?1023588
- VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-903-1
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html
- MAILING_LISThttp://www.mail-archive.com/debian-openoffice%40lists.debian.org/msg23178.html
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/0635
- MISChttp://www.securityfocus.com/bid/38245
- VENDOR_ADVISORYhttp://secunia.com/advisories/38921
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/2905