PT-2017-8462 · Hancom · Hncchartplugin.Hplg+1

Published: 2017-01-06 · Updated: 2017-01-11 · CVE-2016-4295

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Hancom Office version 2014

Description

The issue arises when opening a Hangul Hcell Document (.cell) and processing a specific record within the Workbook stream, leading to an index miscalculation and a potential heap overflow. This occurs due to the processing of data for a formula used to render a chart via the HncChartPlugin.hplg library. The lack of bounds-checking when incrementing an index used for writing into a buffer for formulae allows the application to write pointer data outside its bounds, potentially leading to code execution under the context of the application.

Recommendations

For Hancom Office version 2014, consider disabling the HncChartPlugin.hplg library as a temporary workaround to minimize the risk of exploitation. Restrict access to the formula rendering functionality to reduce the likelihood of the issue being triggered. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2016-4295

Affected Products

Hancom Office
Hncchartplugin.Hplg