Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistCertccCVELIST:CVE-2016-4296
HistoryJan 06, 2017 - 9:00 p.m.

CVE-2016-4296

2017-01-0621:00:00
certcc
www.cve.org
6

EPSS

0.001

Percentile

42.2%

JSON

When opening a Hangul Hcell Document (.cell) and processing a record that uses the CSSValFormat object, Hancom Office 2014 will search for an underscore (“_”) character at the end of the string and write a null terminator after it. If the character is at the very end of the string, the application will mistakenly write the null-byte outside the bounds of its destination. This can result in heap corruption that can lead code execution under the context of the application

CNA Affected

[
  {
    "product": "Hancom Office",
    "vendor": "Hancom",
    "versions": [
      {
        "status": "affected",
        "version": "2014 VP Trial HCell.exe Product version: 9.1.0.2176, HCellApp.dll Product version: 9.1.0.2176 HCellBook.dll Product version: 9.1.0.2176"
      }
    ]
  }
]

Related

cve 1
talos 1
seebug 1
prion 1
nvd 1
cve
cve
CVE-2016-4296
2017-01-06 21:59:01
talos
talos
Hancom Hangul HCell CSSValFormat::CheckUnderbar Code Execution Vulnerability
2016-08-04 00:00:00
seebug
seebug
Hancom Hangul HCell CSSValFormat::CheckUnderbar Code Execution Vulnerability(CVE-2016-4296)
2017-10-13 00:00:00
prion
prion
Out-of-bounds
2017-01-06 21:59:00
nvd
nvd
CVE-2016-4296
2017-01-06 21:59:01

EPSS

0.001

Percentile

42.2%

JSON
Related for CVELIST:CVE-2016-4296
cve1talos1seebug1prion1nvd1