CVE-2015-2810 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2015-2810?

CVE-2015-2810 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-2810?

Check the references section above for vendor advisories and patch information. Affected products include: Hancom Hanword Viewer 2007, Hancom Hanword Viewer 2010, Hancom Hwp 2014, Hancom Hwpviewer 2014.

Vulnerability Description

Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used in Hwp 2014 VP before 9.1.0.2342, HanWord Viewer 2007 and Viewer 2010 8.5.6.1158, and HwpViewer 2014 VP 9.1.0.2186, allows remote attackers to cause a denial of service (crash) and possibly "influence the program's execution flow" via a document with a large paragraph size, which triggers heap corruption.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Hancom	Hanword Viewer 2007	All versions
Hancom	Hanword Viewer 2010	8.5.6.1158
Hancom	Hwp 2014	<= 9.1.0.2342
Hancom	Hwpviewer 2014	9.1.0.2186

Related Weaknesses (CWE)

CWE-189

References

FAQ

What is CVE-2015-2810?

CVE-2015-2810 is a vulnerability with a CVSS score of 7.5 (HIGH). Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used in Hwp 2014 VP before 9.1.0.2342, HanWord Viewer 2007 and Viewer 2010 8.5.6.1158, and HwpViewer 201...

How severe is CVE-2015-2810?

CVE-2015-2810 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-2810?

Check the references section above for vendor advisories and patch information. Affected products include: Hancom Hanword Viewer 2007, Hancom Hanword Viewer 2010, Hancom Hwp 2014, Hancom Hwpviewer 2014.