A flaw in a popular word processing program in South Korea is opening the door for malicious attackers to deliver arbitrary code to victims’ computers, according to a report from Talos.
Miscreants are exploiting a bug in the Hangul Word Processor, part of the Hangul Office Suite offered by Hancom, that allows them to create malicious documents that deliver arbitrary code once a victim clicks on the document.
The flaw lies in the manner in which the software assembles a number of components into a complete document. “When opening a document the software reads metadata tags which describe the object properties, and calculates the memory necessary to store each object,” the report stated.
That information includes header data that can be altered, leading to the “heap buffer used in the previous tab definition being re-used without being resized.” The result is a heap buffer overflow, ultimately leading to remote code execution.
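The reuse-without-resize pattern the report describes, sketched in C next to a hardened version. This is an added example, not Hancom's code or the HWP file format; the record layout, `struct tabbuf`, the limits and both function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layout (assumption, not the HWP format): a "tab definition"
   record declares a count of fixed-size entries, followed by the entries. */
#define ENTRY_SIZE  8u
#define MAX_ENTRIES 1024u

struct tabbuf {
    uint8_t *data;  /* heap buffer kept between records */
    size_t   cap;   /* bytes actually allocated */
};

/* Vulnerable pattern: the buffer is sized for the first record only and is
   reused as-is when a later header declares more entries. */
int load_tabs_unsafe(struct tabbuf *b, uint32_t count, const uint8_t *src) {
    if (b->data == NULL) {
        b->cap = (size_t)count * ENTRY_SIZE;
        b->data = malloc(b->cap);
        if (!b->data) return -1;
    }
    memcpy(b->data, src, (size_t)count * ENTRY_SIZE); /* never checked against cap */
    return 0;
}

/* Hardened: bound the declared count, check it against the bytes actually
   present in the input, and grow the buffer before every reuse. */
int load_tabs_safe(struct tabbuf *b, uint32_t count,
                   const uint8_t *src, size_t src_len) {
    if (count == 0 || count > MAX_ENTRIES) return -1;
    size_t need = (size_t)count * ENTRY_SIZE;
    if (need > src_len) return -1;      /* header claims more than the file holds */
    if (need > b->cap) {
        uint8_t *p = realloc(b->data, need);
        if (!p) return -1;
        b->data = p;
        b->cap = need;
    }
    memcpy(b->data, src, need);
    return 0;
}
```

The difference is that the safe version treats the header's count as untrusted on every record, not only when the buffer is first allocated.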
Keep patches current, Talos advised, as word processor documents are a popular vector for attack.
More details are available at CVE-2017-2819.