CVE-2015-2810

2015-05-1522:59:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2015-2810

integer overflow

hancom office

hanword

denial of service

heap corruption

security vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.8%

JSON

Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used in Hwp 2014 VP before 9.1.0.2342, HanWord Viewer 2007 and Viewer 2010 8.5.6.1158, and HwpViewer 2014 VP 9.1.0.2186, allows remote attackers to cause a denial of service (crash) and possibly “influence the program’s execution flow” via a document with a large paragraph size, which triggers heap corruption.

Affected configurations

NVD

Node

hancomhanword_viewer_2007

hancomhanword_viewer_2010Match8.5.6.1158

hancomhwp_2014Range≤9.1.0.2342

hancomhwpviewer_2014Match9.1.0.2186

CPENameOperatorVersion
hancom:hanword_viewer_2007hancom hanword viewer 2007eq*
hancom:hanword_viewer_2010hancom hanword viewer 2010eq8.5.6.1158
hancom:hwp_2014hancom hwp 2014le9.1.0.2342
hancom:hwpviewer_2014hancom hwpviewer 2014eq9.1.0.2186

CPE	Name	Operator	Version
hancom:hanword_viewer_2007	hancom hanword viewer 2007	eq	*
hancom:hanword_viewer_2010	hancom hanword viewer 2010	eq	8.5.6.1158
hancom:hwp_2014	hancom hwp 2014	le	9.1.0.2342
hancom:hwpviewer_2014	hancom hwpviewer 2014	eq	9.1.0.2186