CVE-2016-4298
Summary
| CVE | CVE-2016-4298 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-01-06 21:59:00 UTC |
| Updated | 2017-01-11 02:59:00 UTC |
| Description | When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a list of elements using a length from the file. When calculating this length, an integer overflow can be made to occur which will cause the buffer to be undersized when the application tries to copy file data into the object containing this structure. This allows one to overwrite contiguous data in the heap which can lead to code-execution under the context of the application. |
Risk And Classification
Problem Types: CWE-190
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hancom | Hancom Office 2014 | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Talos - Talos 2016 0144 | MISC | www.talosintelligence.com | Exploit, Technical Description, Third Party Advisory, VDB Entry |
| Hancom Office 2014 VP Multiple Local Arbitrary Code Execution Vulnerabilities | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.