Fortinet Discovers Hangul Word Processor Heap Overflow Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a Heap Overflow vulnerability in Hancom's Hangul Word Processor.
Hangul is a proprietary word processing application published by the South Korean company Hancom Inc.. Hangul's specialized support for the Korean written language has gained it widespread use in South Korea, especially by the government.
A Heap Overflow vulnerability has been discovered in Hangul Word Processor due to an uninitialized variable in Hwpapp.dll. It may cause a remote code execution or denial of service on the vulnerable application.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:Hangul.Word.Processor.Heap.Overflow
Released Jul 04, 2016
Users should apply the solution provided by Hancom.
Timeline
Fortinet reported the vulnerability to Hancom on February 29, 2016.
Hancom patched the vulnerability on July 4, 2016.