Vulnerability Details CVE-2017-2819
An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the context of the application. An attacker can entice a user to open up a document in order to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
Products affected by CVE-2017-2819
-
cpe:2.3:a:hancom:hangul_word_processor:9.6.1.4350
-
cpe:2.3:a:hancom:thinkfree_office_neo:9.6.1.4902