Lucene search

[email protected]CVE-2016-4293

HistoryApr 20, 2017 - 5:59 p.m.

CVE-2016-4293

2017-04-2017:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve

2016

4293

heap-based buffer overflows

hancom office 2014 vp

remote code execution

hangul hcell document

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.023 Low

EPSS

Percentile

89.8%

JSON

Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via a crafted Hangul Hcell Document (.cell) file.

Affected configurations

NVD

Node

hancomhancom_office_2014Match9.1.0.2176

CPENameOperatorVersion
hancom:hancom_office_2014hancom hancom office 2014eq9.1.0.2176

CPE	Name	Operator	Version
hancom:hancom_office_2014	hancom hancom office 2014	eq	9.1.0.2176

References

www.securityfocus.com/bid/92327

www.talosintelligence.com/reports/TALOS-2016-0148/

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.023 Low

EPSS

Percentile

89.8%

JSON

Related for CVE-2016-4293

talos1 seebug1 prion1 cvelist1 nvd1