anonhaven
Ad

CVE-2025-29867

HIGH CVSS 4.0: 8.5 EPSS 0.02%
Updated Feb 04, 2026
Access
Parameter Value
CVSS 8.5 (HIGH)
Affected Versions before 10.0.0.12681
Type CWE-843 (Type Confusion)
Vendor Access
Public PoC No

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc.

Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681; Hancom Office 2020: before 11.0.0.8916; Hancom Office 2022: before 12.0.0.4426; Hancom Office 2024: before 13.0.0.3050.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
Passive
Minimal interaction

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-843 Type Confusion

References 2

https://www.boho.or.kr/kr/bbs/view.do?searchCnd=&bbsId=B0000302&searchWrd=&menu…
vuln@krcert.or.kr
https://www.hancom.com/support/downloadCenter/download
vuln@krcert.or.kr
Share Post Share Share Share