Home page logo
/

bugtraq logo Bugtraq mailing list archives

Hancom Office '.hml' file heap-based buffer overflow
From: diroverflow () gmail com
Date: Tue, 17 Dec 2013 09:21:00 GMT

There is a vulnerability in Hancom Office 2010 SE, which can be exploited by malicious people to compromise a user's 
system.
'.hml' is a type of XML document files which is defined by Hancom. Contructing a long TEXTART tag will cause a 
heap-based buffer overflow. Such as:

<TEXTART Text="AAAAAAAA...(more than 500 bytes)" X0="0" X1="14173" X2="14173" X3="0" Y0="0" Y1="0" Y2="14173" 
Y3="14173">

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.The vulnerabilities are confirmed 
in version 8.5.8. Other versions may also be affected.


  By Date           By Thread  

Current thread:
  • Hancom Office '.hml' file heap-based buffer overflow diroverflow (Dec 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]