CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6585
https://notcve.org/view.php?id=CVE-2015-6585
25 Jul 2017 — hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a "type confusion" via an HWPX file containing a crafted para text tag. La biblioteca hwpapp.dll en Hangul Word Processor permite a los atacantes remotos ejecutar código arbitrario por medio de un heap spray creado, y al aprovechar una "type confusion" por medio de un archivo HWPX que contiene una etiqueta de texto para creada. • http://www.hancom.com/cs_center/csDownload.do • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-2819
https://notcve.org/view.php?id=CVE-2017-2819
24 May 2017 — An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the context of the application. An attacker can entice a user to open up a document in order to trigger this vulnerability. Existe un desbordamiento de búfer en la región heap de la memoria explotable en el componente Hangu... • https://talosintelligence.com/vulnerability_reports/TALOS-2017-0320 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •