KISA 인터넷 보호나라&KrCERT

KrCERT/CC

Security Advisory

home

CVE-2020-7818 | DaviewIndy Heap Overflow Vulnerability2020.07.17

□ Overview
o HumanTalk Co,Ltd release security update to address a multiple overflow vulnerability.

Vulnerability Type	Impact	Severity	CVSS Score	CVE ID
Heap Overflow	Code Execution	High	7.8	CVE-2020-7818

□ Description
o DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed PDF file

that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. (CVE-2020-7818)

□ Affected Product

Product	Version	Platform
DaviewIndy	8.98.9 or lower	Windows

□ Solution
o Update software over DaviewIndy 8.99.2 0version or higher.

□ Solution
o Thanks for Namjun-Jo for reporting this vulenrability.

□ Reference
[1] https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35521

□ 작성 : 침해사고분석단 취약점분석팀

트위터 페이스북

다음글 CVE-2020-7827, CVE-2020-7828, CVE-2020-7829 | DaviewIndy Multiple Vulnerabilities 2020.07.30
이전글 CVE-2020-7826 | EyeSurfer arbitrary file download and execution vulnerability 2020.07.15

KISA 인터넷 보호나라&KrCERT

인터넷침해사고 경보단계

사이버위협

보안서비스

보안점검

상담 및 신고

빅데이터센터

자료실

KrCERT/CC

KrCERT/CC

Security Advisory

KISA 인터넷 보호나라&KrCERT