CVE-2017-2819
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
24/05/2017
Last modified:
19/04/2022
Description
An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the context of the application. An attacker can entice a user to open up a document in order to trigger this vulnerability.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:hancom:hangul_word_processor:9.6.1.4350:*:*:*:*:*:*:* | ||
cpe:2.3:a:hancom:thinkfree_office_neo:9.6.1.4902:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page