CVE-2018-5201 - OpenCVE

Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial of service conditions.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hancom	Hancom Office 2010 Hancom Office 2014 Hancom Office 2018 Hancom Office Neo

Configuration 1 [-]

OR	cpe:2.3:a:hancom:hancom_office_2010::::::::
	cpe:2.3:a:hancom:hancom_office_2014::::::::
	cpe:2.3:a:hancom:hancom_office_2018::::::::
	cpe:2.3:a:hancom:hancom_office_neo::::::::

No data.

References

Link	Providers
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30116

History

No history.

MITRE

Status: PUBLISHED

Assigner: krcert

Published: 2018-12-21T16:00:00

Updated: 2024-08-05T05:26:46.987Z

Reserved: 2018-01-03T00:00:00

Link: CVE-2018-5201

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-12-21T16:29:00.240

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-5201

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Hancom Office", "vendor": "HANCOM", "versions": [{"status": "affected", "version": "Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions"}]}], "datePublic": "2018-12-21T00:00:00", "descriptions": [{"lang": "en", "value": "Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial of service conditions."}], "problemTypes": [{"descriptions": [{"description": "Heap overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-21T15:57:01", "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30116"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2018-5201", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Hancom Office", "version": {"version_data": [{"version_value": "Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions"}]}}]}, "vendor_name": "HANCOM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial of service conditions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Heap overflow"}]}]}, "references": {"reference_data": [{"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30116", "refsource": "MISC", "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30116"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:26:46.987Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30116"}]}]}, "cveMetadata": {"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "assignerShortName": "krcert", "cveId": "CVE-2018-5201", "datePublished": "2018-12-21T16:00:00", "dateReserved": "2018-01-03T00:00:00", "dateUpdated": "2024-08-05T05:26:46.987Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hancom:hancom_office_2010:*:*:*:*:*:*:*:*", "matchCriteriaId": "D01D4332-A33A-498F-BD3B-A3D89BBCCF49", "versionEndIncluding": "8.5.8.1724", "vulnerable": true}, {"criteria": "cpe:2.3:a:hancom:hancom_office_2014:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F2B592D-EE5B-417C-BC1E-EDA15E53CA79", "versionEndIncluding": "9.1.1.4540", "vulnerable": true}, {"criteria": "cpe:2.3:a:hancom:hancom_office_2018:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB84EA19-F167-477D-8DB4-88FF2536797D", "versionEndIncluding": "10.0.0.8214", "vulnerable": true}, {"criteria": "cpe:2.3:a:hancom:hancom_office_neo:*:*:*:*:*:*:*:*", "matchCriteriaId": "6594512A-F266-42B3-A140-6A66BFE4837D", "versionEndIncluding": "9.6.1.10472", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial of service conditions."}, {"lang": "es", "value": "Hancom Office 2018, en versiones 10.0.0.8214 y anteriores; Hancom Office NEO, en versiones 9.6.1.10472 y anteriores; Hancom Office 2014, en versiones 9.1.1.4540 y anteriores; y Hancom Office 2010, en versiones 8.5.8.1724 y anteriores, tienen una vulnerabilidad de desbordamiento de memoria din\u00e1mica (heap) al manejar un archivo compuesto en un documento. Esto resulta en un cierre inesperado del programa o en una denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2018-5201", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-21T16:29:00.240", "references": [{"source": "vuln@krcert.or.kr", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30116"}], "sourceIdentifier": "vuln@krcert.or.kr", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}