CVE-2012-1206 Information

Description

Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote attackers to execute arbitrary code via large dimension values in a (1) JPG image to the ImportGR in the JPG image filter module (HncJpeg10.flt) or (2) PNG image to the PNG image filter module (HncPng10.flt) which triggers a heap-based buffer overflow.

Reference

http://osvdb.org/78906 http://osvdb.org/78907 http://secunia.com/advisories/47386 http://www.hancom.co.kr/notice.noticeView.do?targetRow=1&notice_seqno=100 http://www.securityfocus.com/bid/51892 https://exchange.xforce.ibmcloud.com/vulnerabilities/73025 https://exchange.xforce.ibmcloud.com/vulnerabilities/73026