When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a static size to allocate a heap buffer yet explicitly trust a size from the file when modifying data inside of it. Due to this, an aggressor can corrupt memory outside the bounds of this buffer which can lead to code execution under the context of the application.
Published 2017-01-06 21:59:01
Updated 2017-01-11 02:59:11
Source CERT/CC
View at NVD,   CVE.org
Vulnerability category: Overflow

Exploit prediction scoring system (EPSS) score for CVE-2016-4292

0.10%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 41 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-4292

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
6.8
MEDIUM AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
NIST
7.8
HIGH CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1.8
5.9
NIST

CWE ids for CVE-2016-4292

References for CVE-2016-4292

Products affected by CVE-2016-4292

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!