Vulnerability Bulletins |
Ejecución remota de código en OpenOffice |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Obtener acceso |
Dificulty | Experto |
Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software | OpenOffice.org < 3.2 |
Description |
|
Se ha descubierto una vulnerabilidad en OpenOffice. La vulnerabilidad reside en un error en la configuración de seguridad para las macro Visual Basic Applications (VBA). Un atacante remoto podría ejecutar código arbitrario mediante un documento especialmente diseñado. |
|
Solution |
|
Actualización de software Debian (DSA-1995-1) Debian Linux 4.0 Source http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch9.diff.gz http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch8.dsc http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch9.dsc http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch8.diff.gz http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2.orig.tar.gz Debian (DSA-1995-1) Debian Linux 5.0 Source http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny5.diff.gz http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny5.dsc http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny6.diff.gz http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny4.dsc http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny6.dsc http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny4.diff.gz http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg.orig.tar.gz Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux. |
|
Standar resources |
|
Property | Value |
CVE | CVE-2010-0136 |
BID | 38245 |
Other resources |
|
Debian Security Advisory (DSA-1995-1) http://lists.debian.org/debian-security-announce/2010/msg00035.html SUSE Security Advisory (SUSE-SA:2010:017) http://www.novell.com/linux/security/advisories/2010_17_ooo.html |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2010-02-26 |
1.1 | Aviso emitido por Suse (SUSE-SA:2010:017) | 2010-03-25 |