Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0136 to
the following vulnerability:
OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce
Visual Basic for Applications (VBA) macro security settings, which
allows remote attackers to run arbitrary macros via a crafted
Created attachment 394694 [details]
This should be a ooo-build only problem in the 2.X.Y series. We don't use ooo-build for >= 1.X.Y so we shouldn't be affected by this fairly recent not-upstreamed-yet implementation-gone-awry. Sample document above can be used to verify that. i.e. loading it won't flip to sheet overview, etc. So this can be closed out in that case.
This flaw exists in the implementation of VBA macros support for OpenOffice.org. This support is not (yet) part of upstream OpenOffice.org source, but only part of ooo-build / GO-OO patch set, which is not used in Red Hat OpenOffice.org packages version 2 and later.