CVE-2017-2819
CVE-2017-2819 is a vulnerability of currently unknown severity. An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the context of the application. EPSS estimates a 1.66% chance of exploitation in the next 30 days.
Description
An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the context of the application. An attacker can entice a user to open up a document in order to trigger this vulnerability.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hancom | Hangul Word Processor | 9.6.1.4350 |
| Hancom | Thinkfree Office Neo | 9.6.1.4902 |
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2017-0320 (Exploit, Third Party Advisory, VDB Entry)
Source: NVD / NIST
