Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.
Cisco Talos recently discovered an exploitable memory corruption vulnerability in Hancom Office 2020.
Hancom Office is a popular software collection among South Korean users that offers similar products to Microsoft Office, such as word processing and spreadsheet creation and management.
TALOS-2022-1574 (CVE-2022-33896) exists in the way the Hword word processing software processes XML files. An attacker could exploit this vulnerability by tricking the user into opening a specially crafted file, triggering a memory corruption error on the software and potentially leading to remote code execution on the targeted machine.
Cisco Talos worked with Hancom to ensure that this issue is resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.
The following Snort rules will detect exploitation attempts against this vulnerability: 60254 and 60255. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.