□ Overview
o HumanTalk Co,Ltd release security update to address a multiple overflow vulnerability.
Vulnerability Type |
Impact |
Severity |
CVSS Score |
CVE ID |
Heap Overflow |
Code Execution |
High |
7.8 |
CVE-2020-7818 |
□ Description
o DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed PDF file
that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. (CVE-2020-7818)
□ Affected Product
Product |
Version |
Platform |
DaviewIndy |
8.98.9 or lower |
Windows |
□ Solution
o Update software over DaviewIndy 8.99.2 0version or higher.
□ Solution
o Thanks for Namjun-Jo for reporting this vulenrability.
□ Reference
[1] https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35521
□ 작성 : 침해사고분석단 취약점분석팀 |