Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered a vulnerability in Hancom Office — a popular software suite in South Korea — that could allow an attacker to corrupt memory on the targeted machine or execute remote code.
Hancom Office offers similar services to that of Microsoft Office, including word processing and spreadsheet creation and management.
TALOS-2021-1386 (CVE-2021-21958) exists in Hancom Office’s HwordApp.dll. An attacker-created malicious document could trigger a heap-based buffer overflow, eventually leading to code execution and/or memory corruption if the attacker follows a specific attack vector.
Cisco Talos worked with Hancom to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.
Users are encouraged to update these affected products as soon as possible: Hancom Office 2020, version 188.8.131.523 as Talos tested and confirmed these versions of Hancom Office could be exploited by this vulnerability.
The following SNORTⓇ rules will detect exploitation attempts against this vulnerability: 58365 and 58366. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall