□ Overview
o HumanTalk Co,Ltd release security update to address a Heap Overflow vulnerability in Architectural Information System.
| Vulnerability Type |
Impact |
Severity |
CVSS Score |
CVE ID |
| Heap Overflow |
Code execution |
High |
7.8 |
CVE-2020-7852 |
□ Description
o DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed ex.j2c format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.(CVE-2020-7852)
□ Affected Product
| Product |
Version |
OS |
| DaviewIndy |
9.0 or lower |
Windows |
□ Solution
o Update software over DaviewIndy 9.02 version or higher.
□ Acknowledgements
o Thanks to Gyeongyeong Choi for reporting these vulnerabilities.
□ Reference
[1] https://www.hmtalk.com/
□ 작성 : 침해사고분석단 취약점분석팀 |
