CVE-2016-4292

Name of the Vulnerable Software and Affected Versions Hancom Office 2014

Description The issue arises when opening a Hangul HShow Document (.hpt) and processing a structure within the document. Hancom Office 2014 allocates a heap buffer using a static size but trusts a size from the file when modifying data inside it. This discrepancy allows an aggressor to corrupt memory outside the buffer's bounds, potentially leading to code execution under the context of the application.

Recommendations For Hancom Office 2014, consider updating to a newer version that addresses this issue, as using a static size to allocate a heap buffer while trusting a size from the file can lead to memory corruption and code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.