Hancom Office 2010 SE suffers from a buffer overflow vulnerability when parsing the TEXTART tag in .hml files. Version 8.5.8 is vulnerable.
05541c8cc40849ea336d882d7811dc128a0cb46699ad4e48d5f4108d8f73f066
There is a vulnerability in Hancom Office 2010 SE, which can be exploited by malicious people to compromise a user's system.
'.hml' is a type of XML document files which is defined by Hancom. Contructing a long TEXTART tag will cause a heap-based buffer overflow. Such as:
<TEXTART Text="AAAAAAAA...(more than 500 bytes)" X0="0" X1="14173" X2="14173" X3="0" Y0="0" Y1="0" Y2="14173" Y3="14173">
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.The vulnerabilities are confirmed in version 8.5.8. Other versions may also be affected.