CVE

Id
91111  
CVE No.
CVE-2016-4292  
Status
Candidate  
Description
When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a static size to allocate a heap buffer yet explicitly trust a size from the file when modifying data inside of it. Due to this, an aggressor can corrupt memory outside the bounds of this buffer which can lead to code execution under the context of the application.  
Phase
Assigned (20160427)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
783558 91111 CVE-2016-4292 MISC:http://www.talosintelligence.com/reports/TALOS-2016-0147/  View
783559 91111 CVE-2016-4292 BID:92325  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
3271 JVNDB-2016-004044 Apple iOS のカレンダーにおけるサービス運用妨害 (DoS) の脆弱性 Apple iOS のカレンダーには、サービス運用妨害 (NULL ポインタデリファレンスおよびデバイスの再起動) 状態にされる脆弱性が存在します。 CVE-2016-4605 91111 7.1 6.5 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-004044.html  View