Hancom: Security Vulnerabilities
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers.This issue affects HCell: 12.0.0.893.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-01-12
A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malformed file to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-09-27
A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-10-07
A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. A specially-crafted malformed file can lead to memory corruption and potential arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
7.8
EPSS Score
0.008
Published
2022-02-16
Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. '../../../')
CVSS Score
7.5
EPSS Score
0.004
Published
2021-11-22
The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-free via an unknown object in a crafted .docx file.
CVSS Score
7.8
EPSS Score
0.003
Published
2020-03-19
The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a crafted .docx file.
CVSS Score
7.8
EPSS Score
0.003
Published
2020-03-19
Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial of service conditions.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-12-21
Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow vulnerability that leads remote attackers to execute arbitrary commands when performing the hyperlink Attributes in document.
CVSS Score
9.8
EPSS Score
0.012
Published
2018-01-17
hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a "type confusion" via an HWPX file containing a crafted para text tag.
CVSS Score
7.8
EPSS Score
0.018
Published
2017-07-25
Page 1