CVE-2025-29867
Type Confusion Vulnerability in Hancom Office Enables File Injection
Publication date: 2026-02-04
Last updated on: 2026-02-04
Assigner: KrCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hancom_inc | hancom_office | 10.0.0.12680 |
| hancom_inc | hancom_office | 11.0.0.8915 |
| hancom_inc | hancom_office | 12.0.0.4425 |
| hancom_inc | hancom_office | 13.0.0.3049 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-843 | The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'The primary mitigation step is to update Hancom Office to the fixed versions or later that address this vulnerability.'}, {'type': 'list_item', 'content': 'Update Hancom Office 2018 to version 10.0.0.12681 or later.'}, {'type': 'list_item', 'content': 'Update Hancom Office 2020 to version 11.0.0.8916 or later.'}, {'type': 'list_item', 'content': 'Update Hancom Office 2022 to version 12.0.0.4426 or later.'}, {'type': 'list_item', 'content': 'Update Hancom Office 2024 to version 13.0.0.3050 or later.'}, {'type': 'paragraph', 'content': "You can download the latest patches and updates from Hancom's official support download center."}] [1, 2]
Can you explain this vulnerability to me?
CVE-2025-29867 is a Type Confusion vulnerability found in multiple versions of Hancom Office products. This vulnerability occurs due to insufficient input validation when processing DOC documents, which allows an attacker to inject file content improperly.
Specifically, this flaw enables attackers to execute arbitrary code on affected systems by exploiting the way Hancom Office handles certain file types, leading to potential unauthorized actions.
How can this vulnerability impact me? :
This vulnerability can have serious impacts as it allows attackers to execute arbitrary code on your system. This means an attacker could potentially take control of your computer, install malware, steal sensitive information, or disrupt normal operations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability is related to Hancom Office products processing DOC documents with insufficient input validation, leading to arbitrary code execution. Detection would involve identifying vulnerable versions of Hancom Office installed on your systems.'}, {'type': 'paragraph', 'content': 'You can check the installed version of Hancom Office on your system to determine if it is affected. For example, on Windows, you might use commands or check the application version via the Control Panel or application About dialog.'}, {'type': 'list_item', 'content': "On Windows, use PowerShell to check installed Hancom Office version: Get-ItemProperty 'HKLM:\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*' | Where-Object { $_.DisplayName -like '*Hancom Office*' } | Select-Object DisplayName, DisplayVersion"}, {'type': 'list_item', 'content': 'Alternatively, check the version from the executable properties of Hancom Office applications.'}, {'type': 'paragraph', 'content': 'Network detection of exploitation attempts is not detailed in the provided resources.'}] [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the CVE-2025-29867 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.