CVE-2022-33896
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability.
Se presenta una vulnerabilidad de desbordamiento del búfer en la forma en que Hword de Hancom Office 2020 versión 11.0.0.5357, analiza los archivos de oficina basados en XML. Un archivo malformado especialmente diseñado puede causar la corrupción de la memoria mediante el uso de la memoria antes del inicio del búfer, lo que puede conllevar a una ejecución de código. Una víctima necesitaría acceder a un archivo malicioso para desencadenar esta vulnerabilidad
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-07-05 CVE Reserved
- 2022-10-07 CVE Published
- 2024-04-26 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-124: Buffer Underwrite ('Buffer Underflow')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2022-1574 | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hancom Search vendor "Hancom" | Hancom Office 2020 Search vendor "Hancom" for product "Hancom Office 2020" | 11.0.0.5357 Search vendor "Hancom" for product "Hancom Office 2020" and version "11.0.0.5357" | - |
Affected
| ||||||