CVE-2025-29867
Unknown Unknown - Not Provided
Type Confusion Vulnerability in Hancom Office Enables File Injection

Publication date: 2026-02-04

Last updated on: 2026-02-04

Assigner: KrCERT/CC

Description
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681; Hancom Office 2020: before 11.0.0.8916; Hancom Office 2022: before 12.0.0.4426; Hancom Office 2024: before 13.0.0.3050.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-02-04
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-29867
EUVD
EUVD-2025-206779
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
hancom_inc hancom_office 10.0.0.12680
hancom_inc hancom_office 11.0.0.8915
hancom_inc hancom_office 12.0.0.4425
hancom_inc hancom_office 13.0.0.3049
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-843 The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

[{'type': 'paragraph', 'content': 'The primary mitigation step is to update Hancom Office to the fixed versions or later that address this vulnerability.'}, {'type': 'list_item', 'content': 'Update Hancom Office 2018 to version 10.0.0.12681 or later.'}, {'type': 'list_item', 'content': 'Update Hancom Office 2020 to version 11.0.0.8916 or later.'}, {'type': 'list_item', 'content': 'Update Hancom Office 2022 to version 12.0.0.4426 or later.'}, {'type': 'list_item', 'content': 'Update Hancom Office 2024 to version 13.0.0.3050 or later.'}, {'type': 'paragraph', 'content': "You can download the latest patches and updates from Hancom's official support download center."}] [1, 2]

Executive Summary

CVE-2025-29867 is a Type Confusion vulnerability found in multiple versions of Hancom Office products. This vulnerability occurs due to insufficient input validation when processing DOC documents, which allows an attacker to inject file content improperly.

Specifically, this flaw enables attackers to execute arbitrary code on affected systems by exploiting the way Hancom Office handles certain file types, leading to potential unauthorized actions.

Impact Analysis

This vulnerability can have serious impacts as it allows attackers to execute arbitrary code on your system. This means an attacker could potentially take control of your computer, install malware, steal sensitive information, or disrupt normal operations.

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability is related to Hancom Office products processing DOC documents with insufficient input validation, leading to arbitrary code execution. Detection would involve identifying vulnerable versions of Hancom Office installed on your systems.'}, {'type': 'paragraph', 'content': 'You can check the installed version of Hancom Office on your system to determine if it is affected. For example, on Windows, you might use commands or check the application version via the Control Panel or application About dialog.'}, {'type': 'list_item', 'content': "On Windows, use PowerShell to check installed Hancom Office version: Get-ItemProperty 'HKLM:\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*' | Where-Object { $_.DisplayName -like '*Hancom Office*' } | Select-Object DisplayName, DisplayVersion"}, {'type': 'list_item', 'content': 'Alternatively, check the version from the executable properties of Hancom Office applications.'}, {'type': 'paragraph', 'content': 'Network detection of exploitation attempts is not detailed in the provided resources.'}] [2]

Compliance Impact

The provided information does not specify how the CVE-2025-29867 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-29867. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart