CVE-2016-4294

Name of the Vulnerable Software and Affected Versions Hancom Office 2014

Description The issue arises when opening a Hangul Hcell Document (.cell) and processing a property record within the Workbook stream. Hancom Office 2014 attempts to allocate space for an element using a length from the file, but when copying user-supplied data to this buffer, it uses a different size. This discrepancy leads to a heap-based buffer overflow, which can result in code execution under the context of the application.

Recommendations For Hancom Office 2014, update to a version that fixes this issue, as the current version is prone to a heap-based buffer overflow when handling specific file types. At the moment, there is no information about a newer version that contains a fix for this vulnerability.