When opening a Hangul Hcell Document (.cell) and processing a record that uses the CSSValFormat object, Hancom Office 2014 will search for an underscore ("_") character at the end of the string and write a null terminator after it. If the character is at the very end of the string, the application will mistakenly write the null-byte outside the bounds of its destination. This can result in heap corruption that can lead code execution under the context of the application
Add your gear to cvedb and we'll alert you only when hancom ships something exploited.
Check my exposure →This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.