본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7852 | DaviewIndy Heap Overflow Vulnerabilities2021.03.23
□ Overview
o HumanTalk Co,Ltd release security update to address a Heap Overflow vulnerability in Architectural Information System.
Vulnerability Type Impact Severity CVSS Score CVE ID
Heap Overflow Code execution High 7.8 CVE-2020-7852
 
□ Description
o DaviewIndy has a Heap-based overflow vulnerability,  triggered when the user opens a malformed ex.j2c format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.(CVE-2020-7852)
 
□ Affected Product
 
Product Version OS
DaviewIndy 9.0 or lower Windows

□ Solution
 o Update software over DaviewIndy 9.02 version or higher.

□ Acknowledgements
 o Thanks to Gyeongyeong Choi for reporting these vulnerabilities.

□ Reference
 [1] https://www.hmtalk.com/

□ 작성 : 침해사고분석단 취약점분석팀