CVE-2016-4292
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a static size to allocate a heap buffer yet explicitly trust a size from the file when modifying data inside of it. Due to this, an aggressor can corrupt memory outside the bounds of this buffer which can lead to code execution under the context of the application.
Cuando se abre un Hangul HShow Document (.hpt) y se procesa una estructura dentro del documento, Hancom Office 2014 utilizará un tamaño estático para ubicar un búfer de memoria dinámica que aún confía explícitamente un tamaño del archivo cuando se modifican datos dentro de él. Debido a esto, un agresor puede corromper memoria fuera de límites de este búfer, lo que puede conducir a ejecución de código bajo el contexto de la aplicación.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-04-27 CVE Reserved
- 2017-01-06 CVE Published
- 2023-08-10 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/92325 | Vdb Entry |
URL | Date | SRC |
---|---|---|
http://www.talosintelligence.com/reports/TALOS-2016-0147 | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Hancom Search vendor "Hancom" | Hancom Office 2014 Search vendor "Hancom" for product "Hancom Office 2014" | <= 9.1.0.2176 Search vendor "Hancom" for product "Hancom Office 2014" and version " <= 9.1.0.2176" | - |
Affected
|