Vulnerabilities > CVE-2012-1206 - Numeric Errors vulnerability in Hancom Office 2010 SE 8.5.5
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote attackers to execute arbitrary code via large dimension values in a (1) JPG image to the ImportGR in the JPG image filter module (HncJpeg10.flt) or (2) PNG image to the PNG image filter module (HncPng10.flt), which triggers a heap-based buffer overflow.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
References
- http://osvdb.org/78906
- http://osvdb.org/78907
- http://secunia.com/advisories/47386
- http://www.hancom.co.kr/notice.noticeView.do?targetRow=1¬ice_seqno=100
- http://www.securityfocus.com/bid/51892
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73025
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73026