Vulnerability Description
Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote attackers to execute arbitrary code via large dimension values in a (1) JPG image to the ImportGR in the JPG image filter module (HncJpeg10.flt) or (2) PNG image to the PNG image filter module (HncPng10.flt), which triggers a heap-based buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hancom | Hancom Office 2010 Se | 8.5.5 |
Related Weaknesses (CWE)
References
- http://osvdb.org/78906
- http://osvdb.org/78907
- http://secunia.com/advisories/47386Vendor Advisory
- http://www.hancom.co.kr/notice.noticeView.do?targetRow=1¬ice_seqno=100
- http://www.securityfocus.com/bid/51892
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73025
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73026
- http://osvdb.org/78906
- http://osvdb.org/78907
- http://secunia.com/advisories/47386Vendor Advisory
- http://www.hancom.co.kr/notice.noticeView.do?targetRow=1¬ice_seqno=100
- http://www.securityfocus.com/bid/51892
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73025
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73026
FAQ
What is CVE-2012-1206?
CVE-2012-1206 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote attackers to execute arbitrary code via large dimension values in a (1) JPG image to the ImportGR in the JPG image filter module ...
How severe is CVE-2012-1206?
CVE-2012-1206 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1206?
Check the references section above for vendor advisories and patch information. Affected products include: Hancom Hancom Office 2010 Se.