Unrated severityNVD Advisory· Published Feb 16, 2010· Updated Apr 29, 2026

CVE-2010-0136

Description

OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document.

Affected products

Apache/Openoffice3 versions
cpe:2.3:a:apache:openoffice:2.0.4:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:apache:openoffice:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:openoffice:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:openoffice:3.1.1:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.htmlnvdThird Party Advisory
securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
www.debian.org/security/2010/dsa-1995nvdThird Party Advisory
www.securityfocus.com/bid/38245nvdBroken LinkThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-903-1nvdThird Party Advisory
secunia.com/advisories/38695nvdBroken Link
secunia.com/advisories/38921nvdBroken Link
www.mandriva.com/security/advisoriesnvdBroken Link
www.vupen.com/english/advisories/2010/0635nvdBroken Link
www.vupen.com/english/advisories/2010/2905nvdBroken Link
www.mail-archive.com/debian-openoffice%40lists.debian.org/msg23178.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000