Vulnerability Spotlight: Issue in Hancom Office 2020 could lead to code execution

_
_

_Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. _

Cisco Talos recently discovered an exploitable memory corruption vulnerability in Hancom Office 2020.

Hancom Office is a popular software collection among South Korean users that offers similar products to Microsoft Office, such as word processing and spreadsheet creation and management.

TALOS-2022-1574 (CVE-2022-33896) exists in the way the Hword word processing software processes XML files. An attacker could exploit this vulnerability by tricking the user into opening a specially crafted file, triggering a memory corruption error on the software and potentially leading to remote code execution on the targeted machine.

Cisco Talos worked with Hancom to ensure that this issue is resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are encouraged to update these affected products as soon as possible: Hancom Office 2020, version 11.0.0.5357. Talos tested and confirmed this version of Hancom Office could be exploited by this vulnerability.

The following Snort rules will detect exploitation attempts against this vulnerability: 60254 and 60255. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.