CVE-2013-7420

Hancom Office 2010 SE - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-7420. PoCs published by diroverflow.

AI-analyzed exploit summary This exploit leverages a heap-based buffer overflow in Hancom Office by enticing a victim to open a malicious '.hml' document file. The overflow is triggered by an excessively long 'Text' attribute in the TEXTART element, potentially leading to arbitrary code execution.

Description

Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary via a long string in the Text attribute in a TEXTART XML element in an HML file.

Exploits (1)

exploitdb WORKING POC VERIFIED
by diroverflow · textremotewindows
https://www.exploit-db.com/exploits/38910

This exploit leverages a heap-based buffer overflow in Hancom Office by enticing a victim to open a malicious '.hml' document file. The overflow is triggered by an excessively long 'Text' attribute in the TEXTART element, potentially leading to arbitrary code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Hancom Office 2010 SE 8.5.8
No auth needed
Prerequisites: Victim must open a malicious '.hml' file
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-12/0100.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89871
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/88211

Scores

EPSS 0.0698
EPSS Percentile 93.4%

Details

CWE
CWE-119
Status published
Products (1)
hancom/hancom_office_2010_se 8.5.8
Published Jan 12, 2015
Tracked Since Feb 18, 2026