Lucene search

[email protected]CVE-2012-1206

HistoryFeb 24, 2012 - 1:55 p.m.

CVE-2012-1206

2012-02-2413:55:06

CWE-189

[email protected]

web.nvd.nist.gov

cve-2012-1206

integer overflow

hancom office

remote code execution

security vulnerability

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

High

0.065 Low

EPSS

Percentile

93.8%

JSON

Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote attackers to execute arbitrary code via large dimension values in a (1) JPG image to the ImportGR in the JPG image filter module (HncJpeg10.flt) or (2) PNG image to the PNG image filter module (HncPng10.flt), which triggers a heap-based buffer overflow.

Affected configurations

NVD

Node

hancomhancom_office_2010_seMatch8.5.5

CPENameOperatorVersion
hancom:hancom_office_2010_sehancom hancom office 2010 seeq8.5.5

CPE	Name	Operator	Version
hancom:hancom_office_2010_se	hancom hancom office 2010 se	eq	8.5.5

References

osvdb.org/78906

osvdb.org/78907

secunia.com/advisories/47386

www.hancom.co.kr/notice.noticeView.do?targetRow=1&notice_seqno=100

www.securityfocus.com/bid/51892

exchange.xforce.ibmcloud.com/vulnerabilities/73025

exchange.xforce.ibmcloud.com/vulnerabilities/73026

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

High

0.065 Low

EPSS

Percentile

93.8%

JSON

Related for CVE-2012-1206

nvd1 prion1 cvelist1