Hangul Word Processor documents are a favourite vector of threat actors targeting users in South Korea. Know vulnerable versions: Hancom Office 2014 version 9. More details can be found in the vulnerability reports: TALOS-2017-0320. This leads to a buffer overflow condition as the contents of the tab section are written outside of the allocated buffer onto the heap, ultimately leading to remote code execution. However, a value can be included in the header which leads to the heap buffer used in the previous tab definition being re-used without being resized. The header information in this section describes how much memory is required to load the relevant data section.
The record, HWPTAG_TAB_DEF describes information about the tab definitions within the document.
When opening a document the software reads metadata tags which describe the object properties, and calculates the memory necessary to store each object. Hangul Word Processor documents uses a structured format to store the various objects that comprise the final document. TALOS-2017-0320 (CVE-2017-2819) Hangul Word Processor Buffer Overflow Vulnerability This vulnerability allows attackers to craft a malicious document that when opened, allows the attacker to cause arbitrary code to be executed on the victim’s system. the Hangul Office Suite, of which Hangul Word Processor is part, is the leading word processing and office productivity suite in South Korea. Vulnerability discovered by a member of Talos.
0 kommentar(er)
