{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T13:35:44.825","vulnerabilities":[{"cve":{"id":"CVE-2016-4296","sourceIdentifier":"cret@cert.org","published":"2017-01-06T21:59:01.337","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"When opening a Hangul Hcell Document (.cell) and processing a record that uses the CSSValFormat object, Hancom Office 2014 will search for an underscore (\"_\") character at the end of the string and write a null terminator after it. If the character is at the very end of the string, the application will mistakenly write the null-byte outside the bounds of its destination. This can result in heap corruption that can lead code execution under the context of the application"},{"lang":"es","value":"Cuando se abre un Hangul Hcell Document (.cell) y se procesa un registro que utiliza el objeto CSSValFormat, Hancom Office 2014 buscará un caracter de guión bajo (\"_\") al final de la cadena y escribirá un terminador nulo tras él. Si el carácter está al final de la cadena, la aplicación escribirá erróneamente el byte nulo fuera de los límites de su destino. Esto puede resultar en la corrupción de la memoria dinámica, que puede conducir a ejecución de código bajo el contexto de la aplicación."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hancom:hancom_office_2014:*:*:*:*:*:*:*:*","versionEndIncluding":"9.1.0.2176","matchCriteriaId":"C0371DC9-A86B-4729-B74C-7C0AA87A54BB"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/92327","source":"cret@cert.org"},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0151/","source":"cret@cert.org","tags":["Exploit","Technical Description","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/92327","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0151/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory","VDB Entry"]}]}}]}