Fortinet Discovers Hangul Word Processor Heap Overflow Vulnerability
Fortinet's FortiGuard Labs has discovered a Heap Overflow vulnerability in Hancom's Hangul Word Processor.
Hangul is a proprietary word processing application published by the South Korean company Hancom Inc.. Hangul's specialized support for the Korean written language has gained it widespread use in South Korea, especially by the government.
A Heap Overflow vulnerability has been discovered in Hangul Word Processor due to an uninitialized variable in Hwpapp.dll. It may cause a remote code execution or denial of service on the vulnerable application.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Jul 04, 2016
Users should apply the solution provided by Hancom.
Fortinet reported the vulnerability to Hancom on February 29, 2016.
Hancom patched the vulnerability on July 4, 2016.
This vulnerability was discovered by Wayne Low of Fortinet's FortiGuard Labs.