CVE-2017-2819

An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the context of the application. An attacker can entice a user to open up a document in order to trigger this vulnerability.
References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0320 Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hancom:hangul_word_processor:9.6.1.4350:*:*:*:*:*:*:*
cpe:2.3:a:hancom:thinkfree_office_neo:9.6.1.4902:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-05-24 14:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-2819

Mitre link : CVE-2017-2819

CVE.ORG link : CVE-2017-2819


JSON object : View

Products Affected

hancom

  • hangul_word_processor
  • thinkfree_office_neo
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer