CVE-2022-33896

A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1574	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hancom:hancom_office_2020:11.0.0.5357:*:*:*:*:*:*:*

History

11 Oct 2022, 15:28

Type	Values Removed	Values Added
CPE		cpe:2.3:a:hancom:hancom_office_2020:11.0.0.5357:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
First Time		Hancom hancom Office 2020 Hancom
References	~~(MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2022-1574 -~~	(MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2022-1574 - Exploit, Third Party Advisory

07 Oct 2022, 15:19

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-10-07 15:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-33896

Mitre link : CVE-2022-33896

CVE.ORG link : CVE-2022-33896

JSON object : View

Products Affected

hancom

hancom_office_2020

CWE

CWE-124

Buffer Underwrite ('Buffer Underflow')

{"id": "CVE-2022-33896", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-10-07T15:15:15.553", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1574", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-124"}]}], "descriptions": [{"lang": "en", "value": "A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de desbordamiento del b\u00fafer en la forma en que Hword de Hancom Office 2020 versi\u00f3n 11.0.0.5357, analiza los archivos de oficina basados en XML. Un archivo malformado especialmente dise\u00f1ado puede causar la corrupci\u00f3n de la memoria mediante el uso de la memoria antes del inicio del b\u00fafer, lo que puede conllevar a una ejecuci\u00f3n de c\u00f3digo. Una v\u00edctima necesitar\u00eda acceder a un archivo malicioso para desencadenar esta vulnerabilidad"}], "lastModified": "2022-10-11T15:28:24.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hancom:hancom_office_2020:11.0.0.5357:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3920CE66-510C-4FEA-A687-1E62A38C7032"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}