CVE-2016-4291
Summary
| CVE | CVE-2016-4291 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-01-06 21:59:00 UTC |
| Updated | 2017-01-11 02:59:00 UTC |
| Description | When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a field from the structure in an operation that can cause the integer to overflow. This result is then used to allocate memory to copy file data in. Due to the lack of bounds checking on the integer, the allocated memory buffer can be made to be undersized at which point the reading of file data will write outside the bounds of the buffer. This can lead to code execution under the context of the application. |
Risk And Classification
Problem Types: CWE-190
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hancom | Hancom Office 2014 | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Talos - Talos 2016 0146 | MISC | www.talosintelligence.com | Exploit, Technical Description, Third Party Advisory, VDB Entry |
| Hancom Office 2014 VP Multiple Local Arbitrary Code Execution Vulnerabilities | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.