
CVE-2023-50234 – Hancom Office Cell XLS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-50234
20 Dec 2023 — Hancom Office Cell XLS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Cell. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copyi... • https://www.zerodayinitiative.com/advisories/ZDI-23-1856 • CWE-121: Stack-based Buffer Overflow •

CVE-2023-50235 – Hancom Office Show PPT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-50235
20 Dec 2023 — Hancom Office Show PPT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Show. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PPT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copyi... • https://www.zerodayinitiative.com/advisories/ZDI-23-1857 • CWE-121: Stack-based Buffer Overflow •

CVE-2023-51598 – Hancom Office Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51598
20 Dec 2023 — Hancom Office Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOC files. The issue results from the lack of validating the existence of an object prior to performing operations on the objec... • https://www.zerodayinitiative.com/advisories/ZDI-23-1855 • CWE-416: Use After Free •

CVE-2023-32541
https://notcve.org/view.php?id=CVE-2023-32541
26 Sep 2023 — A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malformed file to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1759 • CWE-416: Use After Free •

CVE-2022-33896
https://notcve.org/view.php?id=CVE-2022-33896
07 Oct 2022 — A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1574 • CWE-124: Buffer Underwrite ('Buffer Underflow') •

CVE-2021-21958
https://notcve.org/view.php?id=CVE-2021-21958
16 Feb 2022 — A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. A specially-crafted malformed file can lead to memory corruption and potential arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. • https://blog.talosintelligence.com/2022/02/vuln-spotlight-.html • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write •

CVE-2019-16338
https://notcve.org/view.php?id=CVE-2019-16338
19 Mar 2020 — The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a crafted .docx file. • http://help.hancom.com/update_en_multilang/details/HOfficeNEO_update.htm • CWE-416: Use After Free •

CVE-2019-16337
https://notcve.org/view.php?id=CVE-2019-16337
19 Mar 2020 — The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-free via an unknown object in a crafted .docx file. • http://help.hancom.com/update_en_multilang/details/HOfficeNEO_update.htm • CWE-416: Use After Free •

CVE-2018-5201
https://notcve.org/view.php?id=CVE-2018-5201
21 Dec 2018 — Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, and Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling a Compound File in a document. This results in a program crash or denial of service conditions. • https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30116 • CWE-787: Out-of-bounds Write •

CVE-2018-5195
https://notcve.org/view.php?id=CVE-2018-5195
17 Jan 2018 — Hancom NEO versions 9.6.1.5183 and earlier have a buffer overflow vulnerability that leads remote attackers to execute arbitrary commands when performing the hyperlink attributes in a document. • http://help.hancom.com/cve/hoffice/en-US/CVE_en_050_01.htm • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •