Unrated severityNVD Advisory· Published Jun 10, 2010· Updated Apr 29, 2026

CVE-2010-0395

Description

OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed.

Affected products

Apache/Openoffice
cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*
Range: >=2.0.0,<3.2.1
Canonical (company)/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
Fedoraproject/Fedora3 versions
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
OpenSUSE/openSUSE3 versions
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop2 versions
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.vupen.com/english/advisories/2010/1350nvdBroken LinkPatch
lists.fedoraproject.org/pipermail/package-announce/2010-June/042468.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2010-June/042529.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2010-June/042534.htmlnvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.htmlnvdThird Party Advisory
ubuntu.com/usn/usn-949-1nvdThird Party Advisory
www.debian.org/security/2010/dsa-2055nvdThird Party Advisory
www.gentoo.org/security/en/glsa/glsa-201408-19.xmlnvdThird Party Advisory
www.openoffice.org/security/cves/CVE-2010-0395.htmlnvdVendor Advisory
www.oracle.com/technetwork/topics/security/cpuoct2010-175626.htmlnvdThird Party Advisory
www.us-cert.gov/cas/techalerts/TA10-287A.htmlnvdThird Party AdvisoryUS Government Resource
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
secunia.com/advisories/40070nvdBroken Link
secunia.com/advisories/40084nvdBroken Link
secunia.com/advisories/40104nvdBroken Link
secunia.com/advisories/40107nvdBroken Link
secunia.com/advisories/41818nvdBroken Link
secunia.com/advisories/60799nvdBroken Link
www.mandriva.com/security/advisoriesnvdBroken Link
www.redhat.com/support/errata/RHSA-2010-0459.htmlnvdBroken Link
www.vupen.com/english/advisories/2010/1353nvdBroken Link
www.vupen.com/english/advisories/2010/1366nvdBroken Link
www.vupen.com/english/advisories/2010/1369nvdBroken Link
www.vupen.com/english/advisories/2010/2905nvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11091nvdTool Signature

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.016
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000