CVE-2016-4296 in Officeالمعلومات

الملخص

بحسب MITRE

When opening a Hangul Hcell Document (.cell) and processing a record that uses the CSSValFormat object, Hancom Office 2014 will search for an underscore ("_") character at the end of the string and write a null terminator after it. If the character is at the very end of the string, the application will mistakenly write the null-byte outside the bounds of its destination. This can result in heap corruption that can lead code execution under the context of the application

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

حجز

27/04/2016

إفشاء

06/01/2017

الاعتدال

تمت الموافقة

إدخال

VDB-95079

CPE

جاهز

CWE

CWE-119 (مؤكد)

CVSS

7.8 (NVD)

EPSS

0.00527

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-4296
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-4296
CVE Details	https://www.cvedetails.com/cve/CVE-2016-4296/

التالي ▸نظرة عامة ◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!