Hancom Office 2020 provides a feature-rich set of desktop productivity applications for conducting common tasks such as word processing, spreadsheet modelling, graphic presentation and working with PDFs. With an intuitive interface and powerful features, Hancom Office can bring out the true professional in you today.
An heap out-of-bounds read vulnerability exists in Hancom Word software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. An attacker who successfully exploited the vulnerability remotely and could run arbitrary code in the context of the current user. Failure could lead to denial-of-service. Product and version affected was Hancom Office 2020 with version 22.214.171.124. The vulnerability was found with fuzzing. A heap overflow occurred when parsing a specially crafted document file that could allow to execute arbitrary code, remotely. Access violation happened when attaching with debugger.
(39c.d14): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=5c002000 ebx=0d046af0 ecx=5c002000 edx=577d8b18 esi=0cf34250 edi=00000000 eip=6aa18f9a esp=00f7e20c ebp=00f7e20c iopl=0 nv up ei pl nz na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210206 HwordApp!HwordDeletePropertyArray+0xa5ee1a: 6aa18f9a 8b480c mov ecx,dword ptr [eax+0Ch] ds:002b:5c00200c=???????? 0:000> .exr -1 ExceptionAddress: 6aa18f9a (HwordApp!HwordDeletePropertyArray+0x00a5ee1a) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter: 00000000 Parameter: 5c00200c Attempt to read from address 5c00200c
The vulnerability was reported back August 2020. Timeline of disclosure: