Network Security, Vulnerability Management

Flaw in S. Korean word processor Hangul enabling arbitrary code attacks, Talos

A flaw in a popular word processing program in South Korea is opening the door for malicious attackers to deliver arbitrary code to victims' computers, according to a report from Talos.

Miscreants are exploiting a bug in the Hangul Word Processor, part of the Hangul Office Suite offered by Hancom, that allows them to create malicious documents that delivers arbitrary code once a victim clicks on the doc.

The flaw lies in the manner in which the software assembles a number of components into a complete document. "When opening a document the software reads metadata tags which describe the object properties, and calculates the memory necessary to store each object," the report stated. 

Part of the information includes header data which can be altered, leading to the "heap buffer used in the previous tab definition being re-used without being resized." The result is a buffer overflow situation, ultimately leading to remote code execution.

Keep patches current, Talos advised, as word processor documents are a popular vector for attack.

More details are available at CVE-2017-2819.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.