본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7872 | HumanTalk DaviewIndy Integer overflow vulnerability2021.07.01
□ Overview
o HumanTalk Co,Ltd release security update to address a Integer overflow vulnerability in Daviewindy
Vulnerability Type Impact Severity CVSS Score CVE-ID
Integer overflow arbitrary file execution High 7.8 CVE-2020-7872

□ Description
o DaviewIndy has a Integer overflow vulnerability, triggered when the user opens a malformed format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.(CVE-2020-7872)

□ Affected Product
Product Version
DaviewIndy v8.98.7.0
 
□ Solution
o Update software over DaviewIndy 8.98.8.0 version or higher.

□ Acknowledgements
o Thanks to Dong-hyun Kim for reporting these vulnerabilities.
 
□ Reference
o http://datools.kr/zeroboard/view.php?id=datools_notice&page=5&sn1=&divpage=1&sn=off&ss=on&sc=on&select_arrange=headnum&desc=asc&no=506

□ 작성 : 침해사고분석단 취약점분석팀