Description

OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document.

References

• APPLE-APPLE-SA-2009-09-03-1
• BID-35671
• BID-38218
• BID-38245
• CERT-TA09-294A
• CERT-TA10-159B
• CERT-TA10-287A
• CERT-VN-466161
• CVE-2009-0217
• CVE-2009-2949
• CVE-2009-2950
• CVE-2009-3301
• CVE-2009-3302
• CVE-2010-0136
• DEBIAN-DSA-1995
• DISA_SEVERITY-Category II
• DISA_VMSKEY-V0024367
• IAVM-2010-B-0046
• MS-MS10-041
• OSVDB-55895
• OSVDB-55907
• OVAL-OVAL10022
• OVAL-OVAL10176
• OVAL-OVAL10186
• OVAL-OVAL10423
• OVAL-OVAL11050
• OVAL-OVAL7158
• OVAL-OVAL8717
• REDHAT-RHSA-2009:1200
• REDHAT-RHSA-2009:1201
• REDHAT-RHSA-2009:1428
• REDHAT-RHSA-2009:1636
• REDHAT-RHSA-2009:1637
• REDHAT-RHSA-2009:1649
• REDHAT-RHSA-2009:1650
• REDHAT-RHSA-2009:1694
• REDHAT-RHSA-2010:0101
• SUSE-SUSE-SA:2009:053
• SUSE-SUSE-SA:2010:017
• XF-56236
• XF-56238
• XF-56240
• XF-56241

Solution

Related Vulnerabilities

• RHSA-2009:1200: java-1.6.0-sun security update
• ELSA-2010-0101 Important: Enterprise Linux openoffice.org security update
• FreeBSD: openoffice.org -- multiple vulnerabilities (Multiple CVEs)
• Sun Patch: Sun GlassFish Enterprise Server 2.1.1 Patch16 (v2.1 patch22) (9.1_
• Sun Patch: StarOffice 8 (Solaris): Update 18
• Cent OS: CVE-2009-2949: CESA-2010:0101 (openoffice.org)
• SUSE Linux Security Vulnerability: CVE-2009-3301
• Sun Patch: StarSuite 8 (Solaris): Update 18
• Sun Patch: StarSuite 8 (Solaris_x86): Update 18
• RHSA-2009:1649: JBoss Enterprise Application Platform 4.3.0.CP07 update
• RHSA-2010:0101: openoffice.org security update
• Cent OS: CVE-2009-3301: CESA-2010:0101 (openoffice.org)
• USN-826-1: Mono vulnerabilities
• RHSA-2009:1201: java-1.6.0-openjdk security and bug fix update
• HP-UX: CVE-2009-0217: Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
• SUSE Linux Security Vulnerability: CVE-2009-2949
• Cent OS: CVE-2009-2950: CESA-2010:0101 (openoffice.org)
• FreeBSD: mono -- XML signature HMAC truncation spoofing (CVE-2009-0217)
• Sun Patch: Sun GlassFish Enterprise Server v2.1.1 Security Patch01, Solaris:
• Gentoo Linux: CVE-2009-2950: OpenOffice, LibreOffice: Multiple vulnerabilities
• Cent OS: CVE-2009-0217: CESA-2009:1428 (xmlsec1)
• RHSA-2009:1694: java-1.6.0-ibm security update
• RHSA-2009:1636: JBoss Enterprise Application Platform 4.3.0.CP07 update
• Cent OS: CVE-2009-3302: CESA-2010:0101 (openoffice.org)
• SUSE Linux Security Vulnerability: CVE-2009-0217
• SUSE Linux Security Vulnerability: CVE-2009-2950
• Gentoo Linux: CVE-2009-2949: OpenOffice, LibreOffice: Multiple vulnerabilities
• RHSA-2009:1428: xmlsec1 security update
• JRE XML Authentication Bypass
• RHSA-2009:1650: JBoss Enterprise Application Platform 4.2.0.CP08 update
• SUSE Linux Security Vulnerability: CVE-2010-0136
• RHSA-2010:0043: Red Hat Network Satellite Server IBM Java Runtime security update
• USN-903-1: OpenOffice.org vulnerabilities
• RHSA-2009:1637: JBoss Enterprise Application Platform 4.2.0.CP08 update
• USN-814-1: OpenJDK vulnerabilities
• SUSE Linux Security Vulnerability: CVE-2009-3302
• SUSE Linux Security Advisory: SUSE-SA:2009:053
• Sun Patch: StarOffice 8 (Solaris_x86): Update 18
• MS10-041: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
• IBM WebSphere Application Server: CVE-2009-0217: WebSphere Application Server Vulnerability
• Sun Patch: Sun GlassFish Enterprise Server 2.1.1 Patch16 (v2.1 patch22) (9.1_
• ELSA-2009-1428 Moderate: Enterprise Linux xmlsec1 security update
• Gentoo Linux: CVE-2009-3302: OpenOffice, LibreOffice: Multiple vulnerabilities
• Gentoo Linux: CVE-2009-0217: Mono: Multiple vulnerabilities
• Gentoo Linux: CVE-2009-3301: OpenOffice, LibreOffice: Multiple vulnerabilities
• Sun Patch: Sun GlassFish Enterprise Server v2.1.1 Security Patch01, _x86: SVR