CVE-2010-0136 in OpenOfficeinfo

Summary

by MITRE

OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 04/30/2026

The vulnerability identified as CVE-2010-0136 affects OpenOffice.org versions 2.0.4, 2.4.1, and 3.1.1, specifically targeting the Visual Basic for Applications macro security implementation. This flaw represents a critical security weakness in the document processing software that was widely used in enterprise environments and educational institutions. The vulnerability stems from the improper enforcement of macro security policies that should normally prevent automatic execution of potentially malicious code within office documents. Attackers can exploit this weakness by crafting specially designed documents that bypass the intended security restrictions, allowing arbitrary macros to execute without proper user consent or awareness.

The technical implementation flaw resides in the macro security subsystem of OpenOffice.org where VBA macro execution policies are not properly validated or enforced. When users open documents containing malicious VBA macros, the software fails to adequately verify whether the macros should be executed based on the user's security settings. This represents a failure in input validation and access control mechanisms that should prevent unauthorized code execution. The vulnerability aligns with CWE-1105, which describes weaknesses in security enforcement mechanisms, and specifically demonstrates inadequate protection against malicious macro code execution. The flaw essentially allows attackers to circumvent the security model that was designed to protect users from potentially harmful automated code execution within office documents.

From an operational impact perspective, this vulnerability poses significant risks to organizations relying on OpenOffice.org for document processing. Remote attackers can deliver malicious documents through various vectors including email attachments, web downloads, or compromised file sharing systems, leading to potential system compromise. The vulnerability enables attackers to execute arbitrary code on target systems, potentially leading to full system compromise, data exfiltration, or deployment of additional malware. The attack surface is particularly concerning given that OpenOffice.org was widely deployed in corporate environments where users frequently open documents from external sources, making the exploitation of this vulnerability highly probable. This weakness directly impacts the principle of least privilege and can be categorized under ATT&CK technique T1059.005 for command and scripting interpreter, specifically VBA macros.

Organizations should immediately implement mitigations including updating to patched versions of OpenOffice.org, implementing strict macro security policies, and deploying network-based protections such as email filtering and web proxies to prevent delivery of malicious documents. System administrators should configure macro security settings to require user confirmation before executing any macros, disable automatic macro execution, and regularly audit document sources. The vulnerability demonstrates the importance of proper security model implementation and validation, particularly in software that processes untrusted input from external sources. Additional protective measures include user education about document security risks, network segmentation, and implementing application whitelisting policies to prevent execution of unauthorized code. The incident highlights the critical need for comprehensive security testing and validation of security controls in office productivity software that handles potentially malicious content from untrusted sources.

Reservation

01/04/2010

Disclosure

02/16/2010

Moderation

accepted

Entry

VDB-51864

CPE

ready

EPSS

0.08127

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!