CVE-2025-29867
📋 TL;DR
A type confusion vulnerability in Hancom Office allows attackers to inject malicious content into files. This affects users of Hancom Office 2018, 2020, 2022, and 2024 running outdated versions. Successful exploitation could lead to arbitrary code execution or file corruption.
💻 Affected Systems
- Hancom Office 2018
- Hancom Office 2020
- Hancom Office 2022
- Hancom Office 2024
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with the privileges of the user opening a malicious document, potentially leading to full system compromise.
Likely Case
File content manipulation or corruption, potentially enabling data theft or denial of service.
If Mitigated
Limited impact if documents are from trusted sources and user privileges are restricted.
🎯 Exploit Status
Exploitation requires user interaction (opening a malicious document). No public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Hancom Office 2018: 10.0.0.12681 or later; Hancom Office 2020: 11.0.0.8916 or later; Hancom Office 2022: 12.0.0.4426 or later; Hancom Office 2024: 13.0.0.3050 or later
Vendor Advisory: https://www.hancom.com/support/downloadCenter/download
Restart Required: Yes
Instructions:
1. Visit the Hancom download center.
2. Download the latest version for your product.
3. Install the update.
4. Restart the application or system as prompted.
🔧 Temporary Workarounds
Restrict document sources
Only open documents from trusted sources to reduce the risk of exploitation.
Use application sandboxing
Run Hancom Office in a sandboxed environment to limit potential damage from exploitation.
🧯 If You Can't Patch
- Discontinue use of Hancom Office until patched, using alternative office software.
- Implement strict network filtering to block downloads of Hancom Office documents from untrusted sources.
🔍 How to Verify
Check if Vulnerable:
Check the Hancom Office version in the application's 'About' or 'Help' menu and compare with affected versions listed above.
Check Version:
On Windows: Check via 'About Hancom Office' in the application menu. On Linux/macOS: Use the application's help menu or check installation details.
Verify Fix Applied:
Confirm the installed version matches or exceeds the patched version for your product.
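The comparison described above can be automated across an asset inventory. The following is an added example, not a script from the vendor or from this page's publisher; the fixed builds are copied from the Official Fix line, while the mapping from leading version component to product line, the function names, and the sample inventory are assumptions made for illustration.

```python
import re

# Minimum fixed builds, copied from the "Official Fix" line of this advisory.
PATCHED = {
    "Hancom Office 2018": (10, 0, 0, 12681),
    "Hancom Office 2020": (11, 0, 0, 8916),
    "Hancom Office 2022": (12, 0, 0, 4426),
    "Hancom Office 2024": (13, 0, 0, 3050),
}
# Assumption: the leading version component identifies the product line,
# as the fixed builds above suggest (10.x = 2018 ... 13.x = 2024).
BY_MAJOR = {fixed[0]: name for name, fixed in PATCHED.items()}

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted a.b.c.d version."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){3}", text):
        return None
    return tuple(int(part) for part in text.split("."))

def assess(version_text):
    """Classify one installed version string against the advisory's fixed builds."""
    version = parse_version(version_text)
    if version is None:
        return ("unknown", "unparseable version string")
    product = BY_MAJOR.get(version[0])
    if product is None:
        return ("unknown", "product line not listed in the advisory")
    fixed = PATCHED[product]
    # Tuple comparison is numeric per component, so 10.0.0.9999 < 10.0.0.12681
    # (a plain string comparison would get this wrong).
    if version >= fixed:
        return ("patched", product)
    return ("unpatched", f"{product}: update to {'.'.join(map(str, fixed))} or later")

def audit(inventory):
    """Map host -> assessment for (host, version) pairs from an asset inventory."""
    return {host: assess(version) for host, version in inventory}

# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE = [
    ("ws-01", "10.0.0.9999"), ("ws-02", "11.0.0.8916"), ("ws-03", "12.0.0.4425"),
    ("ws-04", "13.0.1.0"), ("ws-05", "9.6.1.4"), ("ws-06", "12.0.0"),
]

if __name__ == "__main__":
    for host, (status, detail) in audit(SAMPLE).items():
        print(f"{host}: {status} ({detail})")
```

Hosts reported as "unknown" need the manual check from the application's 'About' dialog, since their version string could not be matched to a product line listed here.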
📡 Detection & Monitoring
Log Indicators:
- Unexpected crashes or errors in Hancom Office logs when opening documents.
- Unusual file access patterns from Hancom Office processes.
Network Indicators:
- Downloads of Hancom Office documents from untrusted or suspicious sources.
SIEM Query:
Example: 'process_name:"hancom" AND event_type:"crash"' or 'file_type:(".hwp" OR ".hwt") AND source_ip:external'