Bug 566013 (CVE-2010-0136)
Summary: | CVE-2010-0136 openoffice.org: unenforced VBA macro security settings may lead to arbitrary macro execution
---|---
Product: | [Other] Security Response
Component: | vulnerability
Status: | CLOSED NOTABUG
Severity: | medium
Priority: | medium
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0136
Reporter: | Vincent Danen <vdanen>
Assignee: | Red Hat Product Security <security-response-team>
CC: | caolanm, desktop-bugs, dtardon
Keywords: | Security
Doc Type: | Bug Fix
Last Closed: | 2010-03-05 10:53:56 UTC

Description
Vincent Danen
2010-02-16 21:54:11 UTC
Created attachment 394694: sample document
This should be a ooo-build only problem in the 2.X.Y series. We don't use ooo-build for >= 1.X.Y so we shouldn't be affected by this fairly recent not-upstreamed-yet implementation-gone-awry. Sample document above can be used to verify that. i.e. loading it won't flip to sheet overview, etc. So this can be closed out in that case.

Upstream commit: http://cgit.freedesktop.org/ooo-build/ooo-build/commit/?id=6b2dcdd928b5851e32ba50198099bcaabec058fa

This flaw exists in the implementation of VBA macros support for OpenOffice.org. This support is not (yet) part of upstream OpenOffice.org source, but only part of ooo-build / GO-OO patch set, which is not used in Red Hat OpenOffice.org packages version 2 and later.