
Security Advisory

Security Advisory Detail
CVE-2020-7827, CVE-2020-7828, CVE-2020-7829 | DaviewIndy Multiple Vulnerabilities
2020.07.30
□ Overview
 o HumanTalk Co., Ltd. released a security update to address multiple vulnerabilities in DaviewIndy.

| Vulnerability Type | Impact | Severity | CVSS | CVE ID |
|---|---|---|---|---|
| Use-After-Free | Code execution | High | 7.8 | CVE-2020-7827 |
| Heap Overflow | Code execution | High | 7.8 | CVE-2020-7828 |
| Heap Overflow | Code execution | High | 7.8 | CVE-2020-7829 |

□ Description
 o DaviewIndy has a use-after-free vulnerability, triggered when the user opens a specific malformed file that Daview.exe mishandles. An attacker could exploit this to achieve arbitrary code execution. (CVE-2020-7827)
 o DaviewIndy has heap-based overflow vulnerabilities, triggered when the user opens a specific malformed file that Daview.exe mishandles. An attacker could exploit these to achieve arbitrary code execution. (CVE-2020-7828, CVE-2020-7829)

□ Affected Products
| Product | Version | Platform |
|---|---|---|
| DaviewIndy | 8.98.7 or lower | Windows OS |
 
□ Solution
 o Update DaviewIndy to version 8.98.8 or higher.
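
An added example (not from the advisory or the vendor) that applies the 8.98.8 boundary above to a software inventory, so that 8.98.10 is not misread as older than 8.98.8 and unparsable version strings are flagged rather than passed. The CSV layout, the host names and the assumption that DaviewIndy versions compare numerically component by component are assumptions of the example.

```python
import csv
import io
import re

FIXED = (8, 98, 8)  # first fixed release per the advisory; 8.98.7 or lower is affected

def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted-numeric."""
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+)*)\s*", text or "")
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))

def status(version_text):
    """Classify one reported version: 'affected', 'fixed' or 'unknown'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # needs manual review, never silently treated as fixed
    # Pad to equal length so 8.98 compares as 8.98.0 and 8.98.8.0 as 8.98.8.
    width = max(len(v), len(FIXED))
    v_pad = v + (0,) * (width - len(v))
    fixed_pad = FIXED + (0,) * (width - len(FIXED))
    return "affected" if v_pad < fixed_pad else "fixed"

def triage(inventory_csv):
    """Map host -> status for every DaviewIndy row in a host,product,version CSV."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() == "daviewindy":
            result[row["host"]] = status(row["version"])
    return result

# Constructed sample inventory (hosts and versions are made up for the example).
SAMPLE = """host,product,version
ws-01,DaviewIndy,8.98.7
ws-02,DaviewIndy,8.98.8
ws-03,DaviewIndy,8.98.10
ws-04,DaviewIndy,8.98
ws-05,DaviewIndy,8.98.7.0
ws-06,DaviewIndy,unknown
ws-07,OtherViewer,1.0
"""

if __name__ == "__main__":
    for host, state in triage(SAMPLE).items():
        print(host, state)
```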

□ Acknowledgements
 o Thanks to Donghyun Kim and Namjun Jo for reporting these vulnerabilities.
 
□ Reference site
 [1] https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35539


□ Written by: Vulnerability Analysis Team, Incident Analysis Division