Search criteria
25 vulnerabilities by Hancom
CVE-2023-51598 (GCVE-0-2023-51598)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:15 – Updated: 2024-08-02 22:40
VLAI?
Summary
Hancom Office Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DOC files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20384.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hancom:office:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "office",
"vendor": "hancom",
"versions": [
{
"status": "affected",
"version": "11.0.0.6914"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T14:18:28.765377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T14:25:08.665Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:33.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1855",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1855/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Office",
"vendor": "Hancom",
"versions": [
{
"status": "affected",
"version": "HancomOffice Word 11.0.0.6914"
}
]
}
],
"dateAssigned": "2023-12-20T14:45:49.418-06:00",
"datePublic": "2023-12-20T16:53:58.579-06:00",
"descriptions": [
{
"lang": "en",
"value": "Hancom Office Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DOC files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20384."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:15:26.147Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1855",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1855/"
}
],
"source": {
"lang": "en",
"value": "logos"
},
"title": "Hancom Office Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-51598",
"datePublished": "2024-05-03T02:15:26.147Z",
"dateReserved": "2023-12-20T20:38:20.871Z",
"dateUpdated": "2024-08-02T22:40:33.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50235 (GCVE-0-2023-50235)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:14 – Updated: 2024-08-02 22:09
VLAI?
Summary
Hancom Office Show PPT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Show. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PPT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20387.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hancom:hanom_office_show:11.0.0.6931:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hanom_office_show",
"vendor": "hancom",
"versions": [
{
"status": "affected",
"version": "11.0.0.6931"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50235",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:16:25.586706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:51.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1857",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1857/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Office",
"vendor": "Hancom",
"versions": [
{
"status": "affected",
"version": "HancomOffice Show 11.0.0.6931"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.761-06:00",
"datePublic": "2023-12-20T16:54:04.422-06:00",
"descriptions": [
{
"lang": "en",
"value": "Hancom Office Show PPT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Show. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PPT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20387."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:51.048Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1857",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1857/"
}
],
"source": {
"lang": "en",
"value": "logos"
},
"title": "Hancom Office Show PPT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50235",
"datePublished": "2024-05-03T02:14:51.048Z",
"dateReserved": "2023-12-05T16:15:17.545Z",
"dateUpdated": "2024-08-02T22:09:49.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50234 (GCVE-0-2023-50234)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:14 – Updated: 2024-08-02 22:09
VLAI?
Summary
Hancom Office Cell XLS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Cell. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20386.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hancom:office:11.0.0.7123:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "office",
"vendor": "hancom",
"versions": [
{
"status": "affected",
"version": "11.0.0.7123"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T18:33:00.352405Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:18:00.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1856",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1856/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Office",
"vendor": "Hancom",
"versions": [
{
"status": "affected",
"version": "HancomOffice Cell 11.0.0.7123"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.755-06:00",
"datePublic": "2023-12-20T16:54:01.770-06:00",
"descriptions": [
{
"lang": "en",
"value": "Hancom Office Cell XLS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Cell. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20386."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:50.354Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1856",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1856/"
}
],
"source": {
"lang": "en",
"value": "logos"
},
"title": "Hancom Office Cell XLS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50234",
"datePublished": "2024-05-03T02:14:50.354Z",
"dateReserved": "2023-12-05T16:15:17.545Z",
"dateUpdated": "2024-08-02T22:09:49.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40250 (GCVE-0-2023-40250)
Vulnerability from cvelistv5 – Published: 2024-01-12 01:31 – Updated: 2024-11-14 14:34
VLAI?
Summary
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers.This issue affects HCell: 12.0.0.893.
Severity ?
8.8 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hancom.com/cs_center/csDownload.do?gnb0=25gnb1=80"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T14:34:28.771537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T14:34:52.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "HCell",
"vendor": "Hancom",
"versions": [
{
"status": "affected",
"version": "12.0.0.893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in Hancom HCell on Windows allows Overflow Buffers.\u003cp\u003eThis issue affects HCell: 12.0.0.893.\u003c/p\u003e"
}
],
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in Hancom HCell on Windows allows Overflow Buffers.This issue affects HCell: 12.0.0.893.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T01:31:06.291Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"url": "https://www.hancom.com/cs_center/csDownload.do?gnb0=25gnb1=80"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2023-40250",
"datePublished": "2024-01-12T01:31:06.291Z",
"dateReserved": "2023-08-11T01:54:13.646Z",
"dateUpdated": "2024-11-14T14:34:52.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32541 (GCVE-0-2023-32541)
Vulnerability from cvelistv5 – Published: 2023-09-26 14:02 – Updated: 2025-11-04 19:16
VLAI?
Summary
A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malformed file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hancom | Hancom Office 2020 |
Affected:
HWord 11.0.0.7520
|
Credits
Discovered by Marcin 'Icewall' Noga of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:16:19.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1759",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1759"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1759"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hancom:hancom_office_2020:11.0.0.7520:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hancom_office_2020",
"vendor": "hancom",
"versions": [
{
"status": "affected",
"version": "11.0.0.7520"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32541",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T13:29:27.614261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T13:32:41.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hancom Office 2020",
"vendor": "Hancom",
"versions": [
{
"status": "affected",
"version": "HWord 11.0.0.7520"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Marcin \u0026#39;Icewall\u0026#39; Noga of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malformed file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-26T17:00:06.437Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1759",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1759"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-32541",
"datePublished": "2023-09-26T14:02:28.222Z",
"dateReserved": "2023-06-08T18:44:01.632Z",
"dateUpdated": "2025-11-04T19:16:19.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-33896 (GCVE-0-2022-33896)
Vulnerability from cvelistv5 – Published: 2022-10-07 15:05 – Updated: 2025-04-15 18:49
VLAI?
Summary
A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability.
Severity ?
7.8 (High)
CWE
- CWE-124 - Buffer Underwrite ('Buffer Underflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hancom | Hancom Office 2020 |
Affected:
Hancom Office 2020 11.0.0.5357
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1574"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-33896",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:17:57.796842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:49:15.593Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hancom Office 2020",
"vendor": "Hancom",
"versions": [
{
"status": "affected",
"version": "Hancom Office 2020 11.0.0.5357"
}
]
}
],
"datePublic": "2022-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-124",
"description": "CWE-124: Buffer Underwrite (\u0027Buffer Underflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1574"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-33896",
"datePublished": "2022-10-07T15:05:08.443Z",
"dateReserved": "2022-07-05T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:49:15.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21958 (GCVE-0-2021-21958)
Vulnerability from cvelistv5 – Published: 2022-02-16 16:38 – Updated: 2025-04-15 19:10
VLAI?
Summary
A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. A specially-crafted malformed file can lead to memory corruption and potential arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Severity ?
7.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1386"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-21958",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:23:47.585078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T19:10:05.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hancom",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Hancom Office 2020 11.0.0.2353"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. A specially-crafted malformed file can lead to memory corruption and potential arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-16T16:38:31.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1386"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2021-21958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hancom",
"version": {
"version_data": [
{
"version_value": "Hancom Office 2020 11.0.0.2353"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. A specially-crafted malformed file can lead to memory corruption and potential arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1386",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1386"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2021-21958",
"datePublished": "2022-02-16T16:38:31.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2025-04-15T19:10:05.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7882 (GCVE-0-2020-7882)
Vulnerability from cvelistv5 – Published: 2021-11-22 14:43 – Updated: 2024-08-04 09:48
VLAI?
Summary
Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. '../../../')
Severity ?
7.5 (High)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hancomwith | anySign4PC |
Affected:
1.1.1.0
Affected: 1.1.2.6 Affected: 1.1.2.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:23.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36344"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "anySign4PC",
"vendor": "Hancomwith",
"versions": [
{
"status": "affected",
"version": "1.1.1.0"
},
{
"status": "affected",
"version": "1.1.2.6"
},
{
"status": "affected",
"version": "1.1.2.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. \u0027../../../\u0027)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-22T14:43:26",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36344"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "anySign directory traversal vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2020-7882",
"STATE": "PUBLIC",
"TITLE": "anySign directory traversal vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "anySign4PC",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "=",
"version_name": "1.1.1.0",
"version_value": "1.1.1.0"
},
{
"platform": "Windows",
"version_affected": "=",
"version_name": "1.1.2.6",
"version_value": "1.1.2.6"
},
{
"platform": "Windows",
"version_affected": "=",
"version_name": "1.1.2.7",
"version_value": "1.1.2.7"
}
]
}
}
]
},
"vendor_name": "Hancomwith"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. \u0027../../../\u0027)"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-24 Path Traversal: \u0027../filedir\u0027"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36344",
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36344"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2020-7882",
"datePublished": "2021-11-22T14:43:26",
"dateReserved": "2020-01-22T00:00:00",
"dateUpdated": "2024-08-04T09:48:23.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16338 (GCVE-0-2019-16338)
Vulnerability from cvelistv5 – Published: 2020-03-19 17:15 – Updated: 2024-08-05 01:10
VLAI?
Summary
The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a crafted .docx file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://help.hancom.com/update_en_multilang/details/HOfficeNEO_update.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://starlabs.sg/advisories/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a crafted .docx file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-19T17:15:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://help.hancom.com/update_en_multilang/details/HOfficeNEO_update.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://starlabs.sg/advisories/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a crafted .docx file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.hancom.com/update_en_multilang/details/HOfficeNEO_update.htm",
"refsource": "MISC",
"url": "http://help.hancom.com/update_en_multilang/details/HOfficeNEO_update.htm"
},
{
"name": "https://starlabs.sg/advisories/",
"refsource": "MISC",
"url": "https://starlabs.sg/advisories/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16338",
"datePublished": "2020-03-19T17:15:03",
"dateReserved": "2019-09-15T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16337 (GCVE-0-2019-16337)
Vulnerability from cvelistv5 – Published: 2020-03-19 17:12 – Updated: 2024-08-05 01:10
VLAI?
Summary
The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-free via an unknown object in a crafted .docx file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://help.hancom.com/update_en_multilang/details/HOfficeNEO_update.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://starlabs.sg/advisories/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-free via an unknown object in a crafted .docx file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-19T17:12:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://help.hancom.com/update_en_multilang/details/HOfficeNEO_update.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://starlabs.sg/advisories/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-free via an unknown object in a crafted .docx file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.hancom.com/update_en_multilang/details/HOfficeNEO_update.htm",
"refsource": "MISC",
"url": "http://help.hancom.com/update_en_multilang/details/HOfficeNEO_update.htm"
},
{
"name": "https://starlabs.sg/advisories/",
"refsource": "MISC",
"url": "https://starlabs.sg/advisories/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16337",
"datePublished": "2020-03-19T17:12:34",
"dateReserved": "2019-09-15T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5201 (GCVE-0-2018-5201)
Vulnerability from cvelistv5 – Published: 2018-12-21 16:00 – Updated: 2024-08-05 05:26
VLAI?
Summary
Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial of service conditions.
Severity ?
No CVSS data available.
CWE
- Heap overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HANCOM | Hancom Office |
Affected:
Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30116"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hancom Office",
"vendor": "HANCOM",
"versions": [
{
"status": "affected",
"version": "Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions"
}
]
}
],
"datePublic": "2018-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial of service conditions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-21T15:57:01",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30116"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2018-5201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hancom Office",
"version": {
"version_data": [
{
"version_value": "Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions"
}
]
}
}
]
},
"vendor_name": "HANCOM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial of service conditions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30116",
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30116"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2018-5201",
"datePublished": "2018-12-21T16:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5195 (GCVE-0-2018-5195)
Vulnerability from cvelistv5 – Published: 2018-01-17 17:00 – Updated: 2024-09-17 00:36
VLAI?
Summary
Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow vulnerability that leads remote attackers to execute arbitrary commands when performing the hyperlink Attributes in document.
Severity ?
No CVSS data available.
CWE
- buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hancom | Hancom office Hword NEO |
Affected:
9.6.1.5183 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:47.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=26983"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.hancom.com/cve/hoffice/en-US/CVE_en_050_01.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hancom office Hword NEO",
"vendor": "Hancom",
"versions": [
{
"status": "affected",
"version": "9.6.1.5183 and earlier"
}
]
}
],
"datePublic": "2018-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow vulnerability that leads remote attackers to execute arbitrary commands when performing the hyperlink Attributes in document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T16:57:01",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=26983"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.hancom.com/cve/hoffice/en-US/CVE_en_050_01.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"DATE_PUBLIC": "2018-01-17T00:00:00",
"ID": "CVE-2018-5195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hancom office Hword NEO",
"version": {
"version_data": [
{
"version_value": "9.6.1.5183 and earlier"
}
]
}
}
]
},
"vendor_name": "Hancom"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow vulnerability that leads remote attackers to execute arbitrary commands when performing the hyperlink Attributes in document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=26983",
"refsource": "MISC",
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=26983"
},
{
"name": "http://help.hancom.com/cve/hoffice/en-US/CVE_en_050_01.htm",
"refsource": "CONFIRM",
"url": "http://help.hancom.com/cve/hoffice/en-US/CVE_en_050_01.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2018-5195",
"datePublished": "2018-01-17T17:00:00Z",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:36:29.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6585 (GCVE-0-2015-6585)
Vulnerability from cvelistv5 – Published: 2017-07-25 18:00 – Updated: 2024-08-06 07:22
VLAI?
Summary
hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a "type confusion" via an HWPX file containing a crafted para text tag.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:22.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "76694",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76694"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fireeye.com/blog/threat-research/2015/09/zero-day_hwp_exploit.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.hancom.com/cs_center/csDownload.do"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fireeye.com/content/dam/fireeye-www/global/en/blog/threat-research/FireEye_HWP_ZeroDay.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a \"type confusion\" via an HWPX file containing a crafted para text tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-26T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "76694",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76694"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fireeye.com/blog/threat-research/2015/09/zero-day_hwp_exploit.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.hancom.com/cs_center/csDownload.do"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fireeye.com/content/dam/fireeye-www/global/en/blog/threat-research/FireEye_HWP_ZeroDay.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a \"type confusion\" via an HWPX file containing a crafted para text tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76694"
},
{
"name": "https://www.fireeye.com/blog/threat-research/2015/09/zero-day_hwp_exploit.html",
"refsource": "MISC",
"url": "https://www.fireeye.com/blog/threat-research/2015/09/zero-day_hwp_exploit.html"
},
{
"name": "http://www.hancom.com/cs_center/csDownload.do",
"refsource": "CONFIRM",
"url": "http://www.hancom.com/cs_center/csDownload.do"
},
{
"name": "https://www.fireeye.com/content/dam/fireeye-www/global/en/blog/threat-research/FireEye_HWP_ZeroDay.pdf",
"refsource": "MISC",
"url": "https://www.fireeye.com/content/dam/fireeye-www/global/en/blog/threat-research/FireEye_HWP_ZeroDay.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6585",
"datePublished": "2017-07-25T18:00:00",
"dateReserved": "2015-08-21T00:00:00",
"dateUpdated": "2024-08-06T07:22:22.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2819 (GCVE-0-2017-2819)
Vulnerability from cvelistv5 – Published: 2017-05-24 14:00 – Updated: 2024-08-05 14:02
VLAI?
Summary
An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the context of the application. An attacker can entice a user to open up a document in order to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- heap-based buffer overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hancom | Hangul Word Processor in Thinkfree Office NEO Trial Word |
Affected:
9.6.1.4902
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hangul Word Processor in Thinkfree Office NEO Trial Word",
"vendor": "Hancom",
"versions": [
{
"status": "affected",
"version": "9.6.1.4902"
}
]
}
],
"datePublic": "2017-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the context of the application. An attacker can entice a user to open up a document in order to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "heap-based buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:22:48",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2017-2819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hangul Word Processor in Thinkfree Office NEO Trial Word",
"version": {
"version_data": [
{
"version_value": "9.6.1.4902"
}
]
}
}
]
},
"vendor_name": "Hancom"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the context of the application. An attacker can entice a user to open up a document in order to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "heap-based buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0320",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2819",
"datePublished": "2017-05-24T14:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T14:02:07.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4293 (GCVE-0-2016-4293)
Vulnerability from cvelistv5 – Published: 2017-04-20 17:00 – Updated: 2024-08-06 00:25
VLAI?
Summary
Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via a crafted Hangul Hcell Document (.cell) file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92327",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92327"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0148/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via a crafted Hangul Hcell Document (.cell) file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-20T16:57:02",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "92327",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92327"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0148/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-4293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via a crafted Hangul Hcell Document (.cell) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92327",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92327"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0148/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0148/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-4293",
"datePublished": "2017-04-20T17:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:25:14.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4294 (GCVE-0-2016-4294)
Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-06 00:25
VLAI?
Summary
When opening a Hangul Hcell Document (.cell) and processing a property record within the Workbook stream, Hancom Office 2014 will attempt to allocate space for an element using a length from the file. When copying user-supplied data to this buffer, however, the application will use a different size which leads to a heap-based buffer overflow. This vulnerability can lead to code-execution under the context of the application.
Severity ?
No CVSS data available.
CWE
- unspecified
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hancom | Hancom Office |
Affected:
2014 VP Trial HCell.exe Product version: 9.1.0.2176, HCellApp.dll Product version: 9.1.0.2176 HCellBook.dll Product version: 9.1.0.2176
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0149/"
},
{
"name": "92327",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92327"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hancom Office",
"vendor": "Hancom",
"versions": [
{
"status": "affected",
"version": "2014 VP Trial HCell.exe Product version: 9.1.0.2176, HCellApp.dll Product version: 9.1.0.2176 HCellBook.dll Product version: 9.1.0.2176"
}
]
}
],
"datePublic": "2016-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When opening a Hangul Hcell Document (.cell) and processing a property record within the Workbook stream, Hancom Office 2014 will attempt to allocate space for an element using a length from the file. When copying user-supplied data to this buffer, however, the application will use a different size which leads to a heap-based buffer overflow. This vulnerability can lead to code-execution under the context of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-09T10:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0149/"
},
{
"name": "92327",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92327"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-4294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hancom Office",
"version": {
"version_data": [
{
"version_value": "2014 VP Trial HCell.exe Product version: 9.1.0.2176, HCellApp.dll Product version: 9.1.0.2176 HCellBook.dll Product version: 9.1.0.2176"
}
]
}
}
]
},
"vendor_name": "Hancom"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When opening a Hangul Hcell Document (.cell) and processing a property record within the Workbook stream, Hancom Office 2014 will attempt to allocate space for an element using a length from the file. When copying user-supplied data to this buffer, however, the application will use a different size which leads to a heap-based buffer overflow. This vulnerability can lead to code-execution under the context of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0149/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0149/"
},
{
"name": "92327",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92327"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-4294",
"datePublished": "2017-01-06T21:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:25:14.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4295 (GCVE-0-2016-4295)
Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-06 00:25
VLAI?
Summary
When opening a Hangul Hcell Document (.cell) and processing a particular record within the Workbook stream, an index miscalculation leading to a heap overlow can be made to occur in Hancom Office 2014. The vulnerability occurs when processing data for a formula used to render a chart via the HncChartPlugin.hplg library. Due to a lack of bounds-checking when incrementing an index that is used for writing into a buffer for formulae, the application can be made to write pointer data outside its bounds which can lead to code execution under the context of the application.
Severity ?
No CVSS data available.
CWE
- index miscalculation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hancom | Hancom Office |
Affected:
2014 VP Trial HCell.exe Product version: 9.1.0.2176, HCellApp.dll Product version: 9.1.0.2176 HCellBook.dll Product version: 9.1.0.2176
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0150/"
},
{
"name": "92327",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92327"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hancom Office",
"vendor": "Hancom",
"versions": [
{
"status": "affected",
"version": "2014 VP Trial HCell.exe Product version: 9.1.0.2176, HCellApp.dll Product version: 9.1.0.2176 HCellBook.dll Product version: 9.1.0.2176"
}
]
}
],
"datePublic": "2016-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When opening a Hangul Hcell Document (.cell) and processing a particular record within the Workbook stream, an index miscalculation leading to a heap overlow can be made to occur in Hancom Office 2014. The vulnerability occurs when processing data for a formula used to render a chart via the HncChartPlugin.hplg library. Due to a lack of bounds-checking when incrementing an index that is used for writing into a buffer for formulae, the application can be made to write pointer data outside its bounds which can lead to code execution under the context of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "index miscalculation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-09T10:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0150/"
},
{
"name": "92327",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92327"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-4295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hancom Office",
"version": {
"version_data": [
{
"version_value": "2014 VP Trial HCell.exe Product version: 9.1.0.2176, HCellApp.dll Product version: 9.1.0.2176 HCellBook.dll Product version: 9.1.0.2176"
}
]
}
}
]
},
"vendor_name": "Hancom"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When opening a Hangul Hcell Document (.cell) and processing a particular record within the Workbook stream, an index miscalculation leading to a heap overlow can be made to occur in Hancom Office 2014. The vulnerability occurs when processing data for a formula used to render a chart via the HncChartPlugin.hplg library. Due to a lack of bounds-checking when incrementing an index that is used for writing into a buffer for formulae, the application can be made to write pointer data outside its bounds which can lead to code execution under the context of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "index miscalculation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0150/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0150/"
},
{
"name": "92327",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92327"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-4295",
"datePublished": "2017-01-06T21:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:25:14.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4296 (GCVE-0-2016-4296)
Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-06 00:25
VLAI?
Summary
When opening a Hangul Hcell Document (.cell) and processing a record that uses the CSSValFormat object, Hancom Office 2014 will search for an underscore ("_") character at the end of the string and write a null terminator after it. If the character is at the very end of the string, the application will mistakenly write the null-byte outside the bounds of its destination. This can result in heap corruption that can lead code execution under the context of the application
Severity ?
No CVSS data available.
CWE
- unspecified
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hancom | Hancom Office |
Affected:
2014 VP Trial HCell.exe Product version: 9.1.0.2176, HCellApp.dll Product version: 9.1.0.2176 HCellBook.dll Product version: 9.1.0.2176
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0151/"
},
{
"name": "92327",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92327"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hancom Office",
"vendor": "Hancom",
"versions": [
{
"status": "affected",
"version": "2014 VP Trial HCell.exe Product version: 9.1.0.2176, HCellApp.dll Product version: 9.1.0.2176 HCellBook.dll Product version: 9.1.0.2176"
}
]
}
],
"datePublic": "2016-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When opening a Hangul Hcell Document (.cell) and processing a record that uses the CSSValFormat object, Hancom Office 2014 will search for an underscore (\"_\") character at the end of the string and write a null terminator after it. If the character is at the very end of the string, the application will mistakenly write the null-byte outside the bounds of its destination. This can result in heap corruption that can lead code execution under the context of the application"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-09T10:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0151/"
},
{
"name": "92327",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92327"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-4296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hancom Office",
"version": {
"version_data": [
{
"version_value": "2014 VP Trial HCell.exe Product version: 9.1.0.2176, HCellApp.dll Product version: 9.1.0.2176 HCellBook.dll Product version: 9.1.0.2176"
}
]
}
}
]
},
"vendor_name": "Hancom"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When opening a Hangul Hcell Document (.cell) and processing a record that uses the CSSValFormat object, Hancom Office 2014 will search for an underscore (\"_\") character at the end of the string and write a null terminator after it. If the character is at the very end of the string, the application will mistakenly write the null-byte outside the bounds of its destination. This can result in heap corruption that can lead code execution under the context of the application"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0151/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0151/"
},
{
"name": "92327",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92327"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-4296",
"datePublished": "2017-01-06T21:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:25:14.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4298 (GCVE-0-2016-4298)
Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-06 00:25
VLAI?
Summary
When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a list of elements using a length from the file. When calculating this length, an integer overflow can be made to occur which will cause the buffer to be undersized when the application tries to copy file data into the object containing this structure. This allows one to overwrite contiguous data in the heap which can lead to code-execution under the context of the application.
Severity ?
No CVSS data available.
CWE
- integer overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Hancom version Hancom Office 2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291 |
Affected:
Hancom version Hancom Office 2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0144/"
},
{
"name": "92325",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hancom version Hancom Office 2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Hancom version Hancom Office 2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291"
}
]
}
],
"datePublic": "2016-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a list of elements using a length from the file. When calculating this length, an integer overflow can be made to occur which will cause the buffer to be undersized when the application tries to copy file data into the object containing this structure. This allows one to overwrite contiguous data in the heap which can lead to code-execution under the context of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "integer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-09T10:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0144/"
},
{
"name": "92325",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92325"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-4298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hancom version Hancom Office 2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291",
"version": {
"version_data": [
{
"version_value": "Hancom version Hancom Office 2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a list of elements using a length from the file. When calculating this length, an integer overflow can be made to occur which will cause the buffer to be undersized when the application tries to copy file data into the object containing this structure. This allows one to overwrite contiguous data in the heap which can lead to code-execution under the context of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "integer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0144/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0144/"
},
{
"name": "92325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92325"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-4298",
"datePublished": "2017-01-06T21:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:25:14.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4292 (GCVE-0-2016-4292)
Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-06 00:25
VLAI?
Summary
When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a static size to allocate a heap buffer yet explicitly trust a size from the file when modifying data inside of it. Due to this, an aggressor can corrupt memory outside the bounds of this buffer which can lead to code execution under the context of the application.
Severity ?
No CVSS data available.
CWE
- out-of-bounds write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hancom | Hancom Office |
Affected:
2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0147/"
},
{
"name": "92325",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hancom Office",
"vendor": "Hancom",
"versions": [
{
"status": "affected",
"version": "2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291"
}
]
}
],
"datePublic": "2016-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a static size to allocate a heap buffer yet explicitly trust a size from the file when modifying data inside of it. Due to this, an aggressor can corrupt memory outside the bounds of this buffer which can lead to code execution under the context of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "out-of-bounds write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-09T10:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0147/"
},
{
"name": "92325",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92325"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-4292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hancom Office",
"version": {
"version_data": [
{
"version_value": "2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291"
}
]
}
}
]
},
"vendor_name": "Hancom"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a static size to allocate a heap buffer yet explicitly trust a size from the file when modifying data inside of it. Due to this, an aggressor can corrupt memory outside the bounds of this buffer which can lead to code execution under the context of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0147/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0147/"
},
{
"name": "92325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92325"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-4292",
"datePublished": "2017-01-06T21:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:25:14.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4291 (GCVE-0-2016-4291)
Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-06 00:25
VLAI?
Summary
When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a field from the structure in an operation that can cause the integer to overflow. This result is then used to allocate memory to copy file data in. Due to the lack of bounds checking on the integer, the allocated memory buffer can be made to be undersized at which point the reading of file data will write outside the bounds of the buffer. This can lead to code execution under the context of the application.
Severity ?
No CVSS data available.
CWE
- integer overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hancom | Hancom Office |
Affected:
2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92325",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92325"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0146/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hancom Office",
"vendor": "Hancom",
"versions": [
{
"status": "affected",
"version": "2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291"
}
]
}
],
"datePublic": "2016-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a field from the structure in an operation that can cause the integer to overflow. This result is then used to allocate memory to copy file data in. Due to the lack of bounds checking on the integer, the allocated memory buffer can be made to be undersized at which point the reading of file data will write outside the bounds of the buffer. This can lead to code execution under the context of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "integer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-09T10:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "92325",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92325"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0146/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-4291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hancom Office",
"version": {
"version_data": [
{
"version_value": "2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291"
}
]
}
}
]
},
"vendor_name": "Hancom"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a field from the structure in an operation that can cause the integer to overflow. This result is then used to allocate memory to copy file data in. Due to the lack of bounds checking on the integer, the allocated memory buffer can be made to be undersized at which point the reading of file data will write outside the bounds of the buffer. This can lead to code execution under the context of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "integer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92325"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0146/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0146/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-4291",
"datePublished": "2017-01-06T21:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:25:14.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4290 (GCVE-0-2016-4290)
Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-06 00:25
VLAI?
Summary
When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a block of data within the file. When calculating this length, the application will use a value from the file and add a constant to it without checking whether the addition of the constant will cause the integer to overflow which will cause the buffer to be undersized when the application tries to copy file data into it. This allows one to overwrite contiguous data in the heap which can lead to code-execution under the context of the application.
Severity ?
No CVSS data available.
CWE
- integer overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hancom | Hancom Office |
Affected:
2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0145/"
},
{
"name": "92325",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hancom Office",
"vendor": "Hancom",
"versions": [
{
"status": "affected",
"version": "2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291"
}
]
}
],
"datePublic": "2016-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a block of data within the file. When calculating this length, the application will use a value from the file and add a constant to it without checking whether the addition of the constant will cause the integer to overflow which will cause the buffer to be undersized when the application tries to copy file data into it. This allows one to overwrite contiguous data in the heap which can lead to code-execution under the context of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "integer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-09T10:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0145/"
},
{
"name": "92325",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92325"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-4290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hancom Office",
"version": {
"version_data": [
{
"version_value": "2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291"
}
]
}
}
]
},
"vendor_name": "Hancom"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a block of data within the file. When calculating this length, the application will use a value from the file and add a constant to it without checking whether the addition of the constant will cause the integer to overflow which will cause the buffer to be undersized when the application tries to copy file data into it. This allows one to overwrite contiguous data in the heap which can lead to code-execution under the context of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "integer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0145/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0145/"
},
{
"name": "92325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92325"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-4290",
"datePublished": "2017-01-06T21:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:25:14.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2810 (GCVE-0-2015-2810)
Vulnerability from cvelistv5 – Published: 2015-05-15 22:00 – Updated: 2024-08-06 05:24
VLAI?
Summary
Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used in Hwp 2014 VP before 9.1.0.2342, HanWord Viewer 2007 and Viewer 2010 8.5.6.1158, and HwpViewer 2014 VP 9.1.0.2186, allows remote attackers to cause a denial of service (crash) and possibly "influence the program's execution flow" via a document with a large paragraph size, which triggers heap corruption.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:38.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150413 [CVE-2015-2810] Integer Overflow leading to heap corruption when assigning a long paragraph size value to a HanWord document",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2015/Apr/89"
},
{
"name": "74153",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used in Hwp 2014 VP before 9.1.0.2342, HanWord Viewer 2007 and Viewer 2010 8.5.6.1158, and HwpViewer 2014 VP 9.1.0.2186, allows remote attackers to cause a denial of service (crash) and possibly \"influence the program\u0027s execution flow\" via a document with a large paragraph size, which triggers heap corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20150413 [CVE-2015-2810] Integer Overflow leading to heap corruption when assigning a long paragraph size value to a HanWord document",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2015/Apr/89"
},
{
"name": "74153",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74153"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used in Hwp 2014 VP before 9.1.0.2342, HanWord Viewer 2007 and Viewer 2010 8.5.6.1158, and HwpViewer 2014 VP 9.1.0.2186, allows remote attackers to cause a denial of service (crash) and possibly \"influence the program\u0027s execution flow\" via a document with a large paragraph size, which triggers heap corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150413 [CVE-2015-2810] Integer Overflow leading to heap corruption when assigning a long paragraph size value to a HanWord document",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Apr/89"
},
{
"name": "74153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74153"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2810",
"datePublished": "2015-05-15T22:00:00",
"dateReserved": "2015-03-31T00:00:00",
"dateUpdated": "2024-08-06T05:24:38.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7420 (GCVE-0-2013-7420)
Vulnerability from cvelistv5 – Published: 2015-01-12 17:00 – Updated: 2024-08-06 18:09
VLAI?
Summary
Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary via a long string in the Text attribute in a TEXTART XML element in an HML file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:17.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131217 Hancom Office \u0027.hml\u0027 file heap-based buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0100.html"
},
{
"name": "hancom-hml-bo(89871)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89871"
},
{
"name": "88211",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary via a long string in the Text attribute in a TEXTART XML element in an HML file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-12T17:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20131217 Hancom Office \u0027.hml\u0027 file heap-based buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0100.html"
},
{
"name": "hancom-hml-bo(89871)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89871"
},
{
"name": "88211",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88211"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary via a long string in the Text attribute in a TEXTART XML element in an HML file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131217 Hancom Office \u0027.hml\u0027 file heap-based buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0100.html"
},
{
"name": "hancom-hml-bo(89871)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89871"
},
{
"name": "88211",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88211"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7420",
"datePublished": "2015-01-12T17:00:00",
"dateReserved": "2015-01-12T00:00:00",
"dateUpdated": "2024-08-06T18:09:17.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1206 (GCVE-0-2012-1206)
Vulnerability from cvelistv5 – Published: 2012-02-20 19:00 – Updated: 2024-08-06 18:53
VLAI?
Summary
Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote attackers to execute arbitrary code via large dimension values in a (1) JPG image to the ImportGR in the JPG image filter module (HncJpeg10.flt) or (2) PNG image to the PNG image filter module (HncPng10.flt), which triggers a heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:36.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "hancom-png-bo(73026)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73026"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hancom.co.kr/notice.noticeView.do?targetRow=1\u0026notice_seqno=100"
},
{
"name": "47386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47386"
},
{
"name": "hancom-importgr-bo(73025)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73025"
},
{
"name": "78906",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78906"
},
{
"name": "51892",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51892"
},
{
"name": "78907",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78907"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote attackers to execute arbitrary code via large dimension values in a (1) JPG image to the ImportGR in the JPG image filter module (HncJpeg10.flt) or (2) PNG image to the PNG image filter module (HncPng10.flt), which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "hancom-png-bo(73026)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73026"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hancom.co.kr/notice.noticeView.do?targetRow=1\u0026notice_seqno=100"
},
{
"name": "47386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47386"
},
{
"name": "hancom-importgr-bo(73025)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73025"
},
{
"name": "78906",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78906"
},
{
"name": "51892",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51892"
},
{
"name": "78907",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78907"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote attackers to execute arbitrary code via large dimension values in a (1) JPG image to the ImportGR in the JPG image filter module (HncJpeg10.flt) or (2) PNG image to the PNG image filter module (HncPng10.flt), which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "hancom-png-bo(73026)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73026"
},
{
"name": "http://www.hancom.co.kr/notice.noticeView.do?targetRow=1\u0026notice_seqno=100",
"refsource": "MISC",
"url": "http://www.hancom.co.kr/notice.noticeView.do?targetRow=1\u0026notice_seqno=100"
},
{
"name": "47386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47386"
},
{
"name": "hancom-importgr-bo(73025)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73025"
},
{
"name": "78906",
"refsource": "OSVDB",
"url": "http://osvdb.org/78906"
},
{
"name": "51892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51892"
},
{
"name": "78907",
"refsource": "OSVDB",
"url": "http://osvdb.org/78907"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1206",
"datePublished": "2012-02-20T19:00:00",
"dateReserved": "2012-02-20T00:00:00",
"dateUpdated": "2024-08-06T18:53:36.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}