all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ZDI-23-1857: (0Day) Hancom Office Show PPT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Add to bookmarks
Dec. 20, 2023, 6 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Show. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-50235.

0day arbitrary code attackers buffer buffer overflow code code execution cvss exploit file malicious office overflow page parsing ppt rating remote code remote code execution stack target vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-454: SolarWinds Access Rights Manager Hard-Coded Credentials Authentication Bypass Vulnerability 2 days, 5 hours ago | www.zerodayinitiative.com
access access rights attackers authentication +18
ZDI-24-456: NI FlexLogger FLXPROJ File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability 2 days, 5 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +15
ZDI-24-455: SolarWinds Access Rights Manager JsonSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability 2 days, 5 hours ago | www.zerodayinitiative.com
access access rights arbitrary code attackers +20
ZDI-24-450: (0Day) D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability 3 days, 5 hours ago | www.zerodayinitiative.com
0day arbitrary code attackers authentication +14
ZDI-24-449: (0Day) D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability 3 days, 5 hours ago | www.zerodayinitiative.com
0day arbitrary code attackers authentication +14
ZDI-24-448: (0Day) D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability 3 days, 5 hours ago | www.zerodayinitiative.com
0day arbitrary code attackers authentication +16
ZDI-24-447: (0Day) D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability 3 days, 5 hours ago | www.zerodayinitiative.com
0day attackers authentication authentication bypass +12
ZDI-24-446: (0Day) D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability 3 days, 5 hours ago | www.zerodayinitiative.com
0day arbitrary code attackers authentication +17
ZDI-24-445: (0Day) D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability 3 days, 5 hours ago | www.zerodayinitiative.com
0day attackers authentication cgi +13

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Information System Security Engineer 2

@ Wyetech | Annapolis Junction, Maryland
View on infosec-jobs.com

Staff Vulnerability/Configuration Management Security Engineer

@ ServiceNow | Hyderabad, India
View on infosec-jobs.com

Security Engineer

@ AXS | London, England, UK
View on infosec-jobs.com