Bug 566013 (CVE-2010-0136)

Summary:

CVE-2010-0136 openoffice.org: unenforced VBA macro security settings may lead to arbitrary macro execution

Product:

[Other] Security Response

Reporter:

Vincent Danen <vdanen>

Component:

vulnerability

Assignee:

Red Hat Product Security <security-response-team>

Status:

CLOSED NOTABUG

QA Contact:

Severity:

medium

Docs Contact:

Priority:

medium

Version:

unspecified

CC:

caolanm, desktop-bugs, dtardon

Target Milestone:

---

Keywords:

Security

Target Release:

---

Hardware:

All

OS:

Linux

URL:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0136

Whiteboard:

Fixed In Version:

Doc Type:

Bug Fix

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2010-03-05 10:53:56 UTC

Type:

---

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
sample document	none

Description Vincent Danen 2010-02-16 21:54:11 UTC

Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0136 to
the following vulnerability:

OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce
Visual Basic for Applications (VBA) macro security settings, which
allows remote attackers to run arbitrary macros via a crafted
document.

References:
http://www.mail-archive.com/debian-openoffice@lists.debian.org/msg23178.html
http://www.debian.org/security/2010/dsa-1995
http://www.securityfocus.com/bid/38245
http://securitytracker.com/id?1023588

Comment 4 Caolan McNamara 2010-02-17 08:42:07 UTC

Created attachment 394694 [details]
sample document

Comment 5 Caolan McNamara 2010-02-17 08:47:42 UTC

This should be a ooo-build only problem in the 2.X.Y series. We don't use ooo-build for >= 1.X.Y so we shouldn't be affected by this fairly recent not-upstreamed-yet implementation-gone-awry. Sample document above can be used to verify that. i.e. loading it won't flip to sheet overview, etc. So this can be closed out in that case.

Comment 6 Tomas Hoger 2010-03-05 10:50:43 UTC

Upstream commit:
http://cgit.freedesktop.org/ooo-build/ooo-build/commit/?id=6b2dcdd928b5851e32ba50198099bcaabec058fa

Comment 7 Tomas Hoger 2010-03-05 10:53:56 UTC

This flaw exists in the implementation of VBA macros support for OpenOffice.org.  This support is not (yet) part of upstream OpenOffice.org source, but only part of ooo-build / GO-OO patch set, which is not used in Red Hat OpenOffice.org packages version 2 and later.