본문내용 바로가기 메인메뉴 바로가기 하단내용 바로가기

Security Advisory

Security Advisory Detail
CVE-2020-7822, 7823 | DaviewIndy Multiple Vulnerabilities2020.08.04
□ Overview
 o HumanTalk Co,Ltd release security update to address a multiple vulnerability in Architectural Information System.
Vulnerability Type Impact Severity CVSS Score CVE ID
Heap Overflow Code Execution High 7.8 CVE-2020-7822
Memory Corruption Code Execution High 7.8 CVE-2020-7823

□ Description
 o DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. (CVE-2020-7822)
 o DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. (CVE-2020-7823)

□ Affected Product
Product Version Platform
DaviewIndy 8.98.7 or lower Windows

□ Solution
 o Update software over DaviewIndy 8.98.8 0version or higher.

□ Acknowledgements
 o Thanks to Namjun Jo for reporting these vulnerabilities.

□ Reference
 [1] https://www.hmtalk.com/


□ 작성 : 침해사고분석단 취약점분석팀