CVE-2016-4296
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
When opening a Hangul Hcell Document (.cell) and processing a record that uses the CSSValFormat object, Hancom Office 2014 will search for an underscore ("_") character at the end of the string and write a null terminator after it. If the character is at the very end of the string, the application will mistakenly write the null-byte outside the bounds of its destination. This can result in heap corruption that can lead code execution under the context of the application
Cuando se abre un Hangul Hcell Document (.cell) y se procesa un registro que utiliza el objeto CSSValFormat, Hancom Office 2014 buscará un caracter de guión bajo ("_") al final de la cadena y escribirá un terminador nulo tras él. Si el carácter está al final de la cadena, la aplicación escribirá erróneamente el byte nulo fuera de los límites de su destino. Esto puede resultar en la corrupción de la memoria dinámica, que puede conducir a ejecución de código bajo el contexto de la aplicación.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-04-27 CVE Reserved
- 2017-01-06 CVE Published
- 2023-08-10 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/92327 | Vdb Entry |
URL | Date | SRC |
---|---|---|
http://www.talosintelligence.com/reports/TALOS-2016-0151 | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Hancom Search vendor "Hancom" | Hancom Office 2014 Search vendor "Hancom" for product "Hancom Office 2014" | <= 9.1.0.2176 Search vendor "Hancom" for product "Hancom Office 2014" and version " <= 9.1.0.2176" | - |
Affected
|