Hancom Office - '.hml' File Processing Heap Buffer Overflow

EDB-ID:

38910




Platform:

Windows

Date:

2013-12-19


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

source: https://www.securityfocus.com/bid/64499/info

Hancom Office is prone to a remote heap-based buffer-overflow vulnerability.

An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious '.hml' document file.

Successful exploits will result in the execution of arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.

Hancom Office 2010 SE 8.5.8 is vulnerable; Other versions may also be affected. 

<TEXTART Text="AAAAAAAA...(more than 500 bytes)" X0="0" X1="14173" X2="14173" X3="0" Y0="0" Y1="0" Y2="14173" Y3="14173">