CVE-2021-26618
HIGHToOffice < 3.15.6 - Arbitrary File Creation via ToWord Input Validation
Title source: llmDescription
An improper input validation leading to arbitrary file creation was discovered in ToWord of ToOffice. Remote attackers use this vulnerability to execute arbitrary file included malicious code.
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36456
Scores
CVSS v3
7.1
EPSS
0.0098
EPSS Percentile
57.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (1)
tmax/tooffice
< 3.15.6
Published
Feb 18, 2022
Tracked Since
Feb 18, 2026