CVE-2010-0136 — Vulnetix

Try Vulnetix Request Demo

CVE-2010-0136 PUBLISHED CVSS 9.300000190734863 CRITICAL

OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document.

EPSS 4.52% · 89.1th percentile

Risk Scores

CVSS v2.0

9.300000190734863

EPSS Score

4.52%

89.1th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	*
debian	debian_linux	5.0, 4.0
canonical	ubuntu_linux	9.04, 8.04, 8.10
apache	openoffice	3.1.1, 2.4.1, 2.0.4

Timeline

Feb 16, 2010 CVE Published
Feb 4, 2022 EPSS Score
Feb 8, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

38921 third-party-advisory
MDVSA-2010:221 vendor-advisory
38695 third-party-advisory
DSA-1995 vendor-advisory
1023588 vdb
USN-903-1 vendor-advisory
SUSE-SA:2010:017 vendor-advisory
[debian-openoffice] 20100212 ./packages/openofficeorg/3.1.1/unstable r1866: merge 1:3.1.1-15+squeeze1 mailing-list
ADV-2010-0635 vdb
38245 vdb
ADV-2010-2905 vdb
https://nvd.nist.gov/vuln/detail/CVE-2010-0136 advisory
http://www.mail-archive.com/debian-openoffice@lists.debian.org/msg23178.html url

Open in Interactive Console →