Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1206

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-1206
Last Modified 24 Feb 2012 12:00:00
Published 24 Feb 2012 08:55:06
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1206

Summary

Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote attackers to execute arbitrary code via large dimension values in a (1) JPG image to the ImportGR in the JPG image filter module (HncJpeg10.flt) or (2) PNG image to the PNG image filter module (HncPng10.flt), which triggers a heap-based buffer overflow.

Vulnerable Systems

Application

  • Hancom Office 2010 Se 8.5.5


References

XF - hancom-png-bo(73026)

XF - hancom-importgr-bo(73025)

BID - 51892

MISC - http://www.hancom.co.kr/notice.noticeView.do?targetRow=1¬ice_seqno=100

SECUNIA - 47386

OSVDB - 78907

OSVDB - 78906


Last Updated: 27 May 2016 10:58:18