Back to search
CVE-2016-4292
Published: Jan 6, 2017
Modified: Aug 6, 2024
PUBLISHED
Description
When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a static size to allocate a heap buffer yet explicitly trust a size from the file when modifying data inside of it. Due to this, an aggressor can corrupt memory outside the bounds of this buffer which can lead to code execution under the context of the application.
| Vendor | Product | Versions |
|---|---|---|
Hancom | Hancom Office | affected 2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291 |
References
http://www.talosintelligence.com/reports/TALOS-2016-0147/
x_refsource_MISC
92325
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now