CVE-2016-4290

Name of the Vulnerable Software and Affected Versions Hancom Office 2014

Description The issue arises when opening a Hangul HShow Document (.hpt) and processing a structure within the document. Hancom Office 2014 attempts to allocate space for a block of data within the file, but it fails to check for integer overflow when calculating the length. This results in an undersized buffer, allowing for the overwrite of contiguous data in the heap, which can lead to code execution under the context of the application.

Recommendations For Hancom Office 2014, consider updating to a newer version that addresses this issue, as the current version does not perform sufficient checks for integer overflow when allocating space for file data. As a temporary workaround, avoid opening untrusted Hangul HShow Documents (.hpt) to minimize the risk of exploitation.