CVE-2016-4298 (GCVE-0-2016-4298)

Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-06 00:25
VLAI?
Summary
When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a list of elements using a length from the file. When calculating this length, an integer overflow can be made to occur which will cause the buffer to be undersized when the application tries to copy file data into the object containing this structure. This allows one to overwrite contiguous data in the heap which can lead to code-execution under the context of the application.
Severity ?
No CVSS data available.
CWE
  • integer overflow
Assigner
References
Impacted products
Vendor Product Version
n/a Hancom version Hancom Office 2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291 Affected: Hancom version Hancom Office 2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:25:14.120Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.talosintelligence.com/reports/TALOS-2016-0144/"
          },
          {
            "name": "92325",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92325"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Hancom version Hancom Office 2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Hancom version Hancom Office 2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291"
            }
          ]
        }
      ],
      "datePublic": "2016-08-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a list of elements using a length from the file. When calculating this length, an integer overflow can be made to occur which will cause the buffer to be undersized when the application tries to copy file data into the object containing this structure. This allows one to overwrite contiguous data in the heap which can lead to code-execution under the context of the application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "integer overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-09T10:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.talosintelligence.com/reports/TALOS-2016-0144/"
        },
        {
          "name": "92325",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92325"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-4298",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Hancom version Hancom Office 2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Hancom version Hancom Office 2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a list of elements using a length from the file. When calculating this length, an integer overflow can be made to occur which will cause the buffer to be undersized when the application tries to copy file data into the object containing this structure. This allows one to overwrite contiguous data in the heap which can lead to code-execution under the context of the application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "integer overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.talosintelligence.com/reports/TALOS-2016-0144/",
              "refsource": "MISC",
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0144/"
            },
            {
              "name": "92325",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92325"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-4298",
    "datePublished": "2017-01-06T21:00:00",
    "dateReserved": "2016-04-27T00:00:00",
    "dateUpdated": "2024-08-06T00:25:14.120Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hancom:hancom_office_2014:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.1.0.2176\", \"matchCriteriaId\": \"C0371DC9-A86B-4729-B74C-7C0AA87A54BB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a list of elements using a length from the file. When calculating this length, an integer overflow can be made to occur which will cause the buffer to be undersized when the application tries to copy file data into the object containing this structure. This allows one to overwrite contiguous data in the heap which can lead to code-execution under the context of the application.\"}, {\"lang\": \"es\", \"value\": \"Cuando se abre un Hangul HShow Document (.hpt) y se procesa una estructura dentro del documento, Hancom Office 2014 tratar\\u00e1 de asignar espacio para una lista de elementos utilizando una longitud del archivo. Cuando se calcula esta longitud, puede hacer que ocurra un desbordamiento de entero que provocar\\u00e1 que el b\\u00fafer se subdimensione cuando la aplicaci\\u00f3n trata de copiar datos del archivo en el objeto que contiene esta estructura. Esto permite a uno sobreescribir datos contig\\u00fcos en la memoria din\\u00e1mica lo que puede conducir a una ejecuci\\u00f3n de c\\u00f3digo bajo el contexto de la aplicaci\\u00f3n.\"}]",
      "id": "CVE-2016-4298",
      "lastModified": "2024-11-21T02:51:49.490",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-01-06T21:59:01.367",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/92325\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://www.talosintelligence.com/reports/TALOS-2016-0144/\", \"source\": \"cret@cert.org\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/92325\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.talosintelligence.com/reports/TALOS-2016-0144/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-4298\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2017-01-06T21:59:01.367\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a list of elements using a length from the file. When calculating this length, an integer overflow can be made to occur which will cause the buffer to be undersized when the application tries to copy file data into the object containing this structure. This allows one to overwrite contiguous data in the heap which can lead to code-execution under the context of the application.\"},{\"lang\":\"es\",\"value\":\"Cuando se abre un Hangul HShow Document (.hpt) y se procesa una estructura dentro del documento, Hancom Office 2014 tratar\u00e1 de asignar espacio para una lista de elementos utilizando una longitud del archivo. Cuando se calcula esta longitud, puede hacer que ocurra un desbordamiento de entero que provocar\u00e1 que el b\u00fafer se subdimensione cuando la aplicaci\u00f3n trata de copiar datos del archivo en el objeto que contiene esta estructura. Esto permite a uno sobreescribir datos contig\u00fcos en la memoria din\u00e1mica lo que puede conducir a una ejecuci\u00f3n de c\u00f3digo bajo el contexto de la aplicaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hancom:hancom_office_2014:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.1.0.2176\",\"matchCriteriaId\":\"C0371DC9-A86B-4729-B74C-7C0AA87A54BB\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/92325\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.talosintelligence.com/reports/TALOS-2016-0144/\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/92325\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.talosintelligence.com/reports/TALOS-2016-0144/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.