Primary

Context

Hancom Office Type Confusion Vulnerability Allowing File Content Injection

Vulnerability

Patched

A type confusion vulnerability has been identified in Hancom Office 2018, 2020, 2022, and 2024 versions prior to specific release numbers. This vulnerability allows for file content injection, arising from inadequate input validation during the processing of DOC documents.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution.

Remediation

Users can update to Hancom Office 2018 version 10.0.0.12681 or later, Hancom Office 2020 version 11.0.0.8916 or later, Hancom Office 2022 version 12.0.0.4426 or later, and Hancom Office 2024 version 13.0.0.3050 or later. Instructions for downloading the latest version or patch are available on the Hancom website.

Added: Feb 4, 2026, 5:19 AM

Updated: Feb 4, 2026, 5:19 AM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

0.2

exploitability

4.2

remediation

7.7

relevance

2.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

0.2

exploitability

4.2

remediation

7.7

relevance

2.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Hancom Office Type Confusion Vulnerability Allowing File Content Injection

Vulnerability

Impact

Remediation

Affected Products

Hancom Office 2018

Hancom Office 2020

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating