본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2021-26618 | Tmax ToOffice arbitrary file creation vulnerability2022.02.18
□ Overview
 o TmaxSoft Co., Ltd released security update to address Improper Input Validation vulnerability in ToOffice.
Vulnerability
Vulnerability Type Impact Severity CVSS Score CVE ID
Improper Input Validation Arbitrary file creation High 7.1 CVE-2021-26618

□ Description
 o An improper input validation leading to arbitrary file creation was discovered in ToWord of ToOffice.
 o Remote attackers use this vulnerability to execute arbitrary file included malicious code.

□ Affected Product
Affected Product
Product Version Platform
ToOffice prior of 3.15.5 Windows

□ Solution
 o Update software over ToOffice 3.15.6 version or higher.

□ Reference
 [1] https://www.tmax.co.kr/tooffice

□ Etc
 o Thanks to Shin Jae Wook for reporting this vulnerability.


□ 작성 : 침해사고분석단 취약점분석팀