CVE-2018-5201

Published: Dec 21, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial of service conditions.

Affected (4)

Products: Hancom: Hancom Office 2010, Hancom Office 2014, Hancom Office 2018, Hancom Office Neo

4 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Hancom Hancom Office 2010	Up to 8.5.8.1724
Hancom Hancom Office 2014	Up to 9.1.1.4540
Hancom Hancom Office 2018	Up to 10.0.0.8214
Hancom Hancom Office Neo	Up to 9.6.1.10472

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30116

Source: vuln@krcert.or.kr

PatchThird Party Advisory

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30116

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.