Filtered by vendor Hancom
Subscribe
Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50234 | 1 Hancom | 1 Office Cell | 2025-08-15 | N/A | 7.8 HIGH |
| Hancom Office Cell XLS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Cell. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20386. | |||||
| CVE-2023-50235 | 1 Hancom | 1 Office Show | 2025-08-14 | N/A | 7.8 HIGH |
| Hancom Office Show PPT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Show. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PPT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20387. | |||||
| CVE-2023-51598 | 1 Hancom | 1 Office Word | 2025-08-14 | N/A | 8.8 HIGH |
| Hancom Office Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOC files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20384. | |||||
| CVE-2023-40250 | 2 Hancom, Microsoft | 2 Hcell, Windows | 2024-01-18 | N/A | 8.8 HIGH |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers.This issue affects HCell: 12.0.0.893. | |||||
| CVE-2022-33896 | 1 Hancom | 1 Hancom Office 2020 | 2022-10-11 | N/A | 7.8 HIGH |
| A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21958 | 1 Hancom | 1 Hancom Office 2020 | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. A specially-crafted malformed file can lead to memory corruption and potential arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2017-2819 | 1 Hancom | 2 Hangul Word Processor, Thinkfree Office Neo | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the context of the application. An attacker can entice a user to open up a document in order to trigger this vulnerability. | |||||
| CVE-2020-7882 | 2 Hancom, Microsoft | 2 Anysign4pc, Windows | 2021-11-26 | 6.4 MEDIUM | 9.1 CRITICAL |
| Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. '../../../') | |||||
| CVE-2018-5201 | 1 Hancom | 4 Hancom Office 2010, Hancom Office 2014, Hancom Office 2018 and 1 more | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial of service conditions. | |||||
| CVE-2019-16337 | 1 Hancom | 1 Hancom Office Neo | 2020-03-27 | 6.8 MEDIUM | 7.8 HIGH |
| The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-free via an unknown object in a crafted .docx file. | |||||
| CVE-2019-16338 | 1 Hancom | 1 Hancom Office Neo | 2020-03-27 | 6.8 MEDIUM | 7.8 HIGH |
| The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a crafted .docx file. | |||||
| CVE-2013-7420 | 1 Hancom | 1 Hancom Office 2010 Se | 2019-04-12 | 7.5 HIGH | N/A |
| Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary via a long string in the Text attribute in a TEXTART XML element in an HML file. | |||||
| CVE-2018-5195 | 1 Hancom | 1 Thinkfree Office Neo | 2018-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow vulnerability that leads remote attackers to execute arbitrary commands when performing the hyperlink Attributes in document. | |||||
| CVE-2012-1206 | 1 Hancom | 1 Hancom Office 2010 Se | 2017-08-29 | 9.3 HIGH | N/A |
| Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote attackers to execute arbitrary code via large dimension values in a (1) JPG image to the ImportGR in the JPG image filter module (HncJpeg10.flt) or (2) PNG image to the PNG image filter module (HncPng10.flt), which triggers a heap-based buffer overflow. | |||||
| CVE-2015-6585 | 1 Hancom | 1 Hangul Word Processor | 2017-08-10 | 6.8 MEDIUM | 7.8 HIGH |
| hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a "type confusion" via an HWPX file containing a crafted para text tag. | |||||
| CVE-2016-4293 | 1 Hancom | 1 Hancom Office 2014 | 2017-04-27 | 6.8 MEDIUM | 7.8 HIGH |
| Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via a crafted Hangul Hcell Document (.cell) file. | |||||
| CVE-2016-4290 | 1 Hancom | 1 Hancom Office 2014 | 2017-01-11 | 6.8 MEDIUM | 7.8 HIGH |
| When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a block of data within the file. When calculating this length, the application will use a value from the file and add a constant to it without checking whether the addition of the constant will cause the integer to overflow which will cause the buffer to be undersized when the application tries to copy file data into it. This allows one to overwrite contiguous data in the heap which can lead to code-execution under the context of the application. | |||||
| CVE-2016-4296 | 1 Hancom | 1 Hancom Office 2014 | 2017-01-11 | 6.8 MEDIUM | 7.8 HIGH |
| When opening a Hangul Hcell Document (.cell) and processing a record that uses the CSSValFormat object, Hancom Office 2014 will search for an underscore ("_") character at the end of the string and write a null terminator after it. If the character is at the very end of the string, the application will mistakenly write the null-byte outside the bounds of its destination. This can result in heap corruption that can lead code execution under the context of the application | |||||
| CVE-2016-4294 | 1 Hancom | 1 Hancom Office 2014 | 2017-01-11 | 6.8 MEDIUM | 7.8 HIGH |
| When opening a Hangul Hcell Document (.cell) and processing a property record within the Workbook stream, Hancom Office 2014 will attempt to allocate space for an element using a length from the file. When copying user-supplied data to this buffer, however, the application will use a different size which leads to a heap-based buffer overflow. This vulnerability can lead to code-execution under the context of the application. | |||||
| CVE-2016-4291 | 1 Hancom | 1 Hancom Office 2014 | 2017-01-11 | 6.8 MEDIUM | 7.8 HIGH |
| When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a field from the structure in an operation that can cause the integer to overflow. This result is then used to allocate memory to copy file data in. Due to the lack of bounds checking on the integer, the allocated memory buffer can be made to be undersized at which point the reading of file data will write outside the bounds of the buffer. This can lead to code execution under the context of the application. | |||||