History: Oct 07, 2022 - 3:05 p.m.

CVE-2022-33896

2022-10-07 15:05:08
CWE-124
talos
www.cve.org
3
buffer underflow
hancom office 2020
code execution
xml files
memory corruption

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 36.3%

A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially crafted malformed file can cause memory corruption by using memory before the start of the buffer, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "Hancom",
    "product": "Hancom Office 2020",
    "versions": [
      {
        "version": "Hancom Office 2020 11.0.0.5357",
        "status": "affected"
      }
    ]
  }
]
