CVE-2018-5201 - OpenCVE

Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial of service conditions.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Hancom	Hancom Office 2010 Hancom Office Neo Hancom Office 2014 Hancom Office 2018

Configuration 1 [-]

OR	cpe:2.3:a:hancom:hancom_office_2010::::::::
	cpe:2.3:a:hancom:hancom_office_2014::::::::
	cpe:2.3:a:hancom:hancom_office_2018::::::::
	cpe:2.3:a:hancom:hancom_office_neo::::::::

References

Link	Resource
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30116	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: krcert

Published: 2018-12-21T16:00:00

Updated: 2018-12-21T15:57:01

Reserved: 2018-01-03T00:00:00

Link: CVE-2018-5201

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-12-21T16:29:00.240

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-5201

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "Hancom Office", "vendor": "HANCOM", "versions": [{"status": "affected", "version": "Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions"}]}], "datePublic": "2018-12-21T00:00:00", "descriptions": [{"lang": "en", "value": "Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial of service conditions."}], "problemTypes": [{"descriptions": [{"description": "Heap overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-21T15:57:01", "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30116"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2018-5201", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Hancom Office", "version": {"version_data": [{"version_value": "Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions"}]}}]}, "vendor_name": "HANCOM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial of service conditions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Heap overflow"}]}]}, "references": {"reference_data": [{"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30116", "refsource": "MISC", "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30116"}]}}}}, "cveMetadata": {"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "assignerShortName": "krcert", "cveId": "CVE-2018-5201", "datePublished": "2018-12-21T16:00:00", "dateReserved": "2018-01-03T00:00:00", "dateUpdated": "2018-12-21T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hancom:hancom_office_2010:*:*:*:*:*:*:*:*", "matchCriteriaId": "D01D4332-A33A-498F-BD3B-A3D89BBCCF49", "versionEndIncluding": "8.5.8.1724", "vulnerable": true}, {"criteria": "cpe:2.3:a:hancom:hancom_office_2014:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F2B592D-EE5B-417C-BC1E-EDA15E53CA79", "versionEndIncluding": "9.1.1.4540", "vulnerable": true}, {"criteria": "cpe:2.3:a:hancom:hancom_office_2018:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB84EA19-F167-477D-8DB4-88FF2536797D", "versionEndIncluding": "10.0.0.8214", "vulnerable": true}, {"criteria": "cpe:2.3:a:hancom:hancom_office_neo:*:*:*:*:*:*:*:*", "matchCriteriaId": "6594512A-F266-42B3-A140-6A66BFE4837D", "versionEndIncluding": "9.6.1.10472", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial of service conditions."}, {"lang": "es", "value": "Hancom Office 2018, en versiones 10.0.0.8214 y anteriores; Hancom Office NEO, en versiones 9.6.1.10472 y anteriores; Hancom Office 2014, en versiones 9.1.1.4540 y anteriores; y Hancom Office 2010, en versiones 8.5.8.1724 y anteriores, tienen una vulnerabilidad de desbordamiento de memoria din\u00e1mica (heap) al manejar un archivo compuesto en un documento. Esto resulta en un cierre inesperado del programa o en una denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2018-5201", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-21T16:29:00.240", "references": [{"source": "vuln@krcert.or.kr", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30116"}], "sourceIdentifier": "vuln@krcert.or.kr", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}