CVE-2010-0395

OpenOffice.org <3.2.1 - Auth Bypass

Title source: llm

Description

OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed.

References (25)

[Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042468.html

[Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042529.html

[Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042534.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

[Broken Link] http://secunia.com/advisories/40070

[Broken Link] http://secunia.com/advisories/40084

[Broken Link] http://secunia.com/advisories/40104

[Broken Link] http://secunia.com/advisories/40107

[Broken Link] http://secunia.com/advisories/41818

[Broken Link] http://secunia.com/advisories/60799

[Third Party Advisory] http://ubuntu.com/usn/usn-949-1

[Third Party Advisory] http://www.debian.org/security/2010/dsa-2055

[Third Party Advisory] http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml

[Broken Link] http://www.mandriva.com/security/advisories?name=MDVSA-2010:221

[Vendor Advisory] http://www.openoffice.org/security/cves/CVE-2010-0395.html

[Third Party Advisory] http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

[Broken Link] http://www.redhat.com/support/errata/RHSA-2010-0459.html

[Third Party Advisory, US Government Resource] http://www.us-cert.gov/cas/techalerts/TA10-287A.html

[Broken Link, Patch] http://www.vupen.com/english/advisories/2010/1350

[Broken Link] http://www.vupen.com/english/advisories/2010/1353

... and 5 more

Scores

EPSS 0.2060

EPSS Percentile 95.5%

Classification

Status draft

Affected Products (15)

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

debian/debian_linux

debian/debian_linux

fedoraproject/fedora

fedoraproject/fedora

fedoraproject/fedora

opensuse/opensuse

opensuse/opensuse

opensuse/opensuse

suse/linux_enterprise_desktop

suse/linux_enterprise_desktop

apache/openoffice < 3.2.1

Timeline

Published Jun 10, 2010

Tracked Since Feb 18, 2026