CVE-2015-2810

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used in Hwp 2014 VP before 9.1.0.2342, HanWord Viewer 2007 and Viewer 2010 8.5.6.1158, and HwpViewer 2014 VP 9.1.0.2186, allows remote attackers to cause a denial of service (crash) and possibly "influence the program's execution flow" via a document with a large paragraph size, which triggers heap corruption.

Desbordamiento de enteros en la función HwpApp::CHncSDS_Manager en el procesador Hancom Office HanWord, utilizado en Hwp 2014 VP anterior a 9.1.0.2342, HanWord Viewer 2007 y Viewer 2010 8.5.6.1158, y HwpViewer 2014 VP 9.1.0.2186, permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente 'influir en el flujo de ejecución del programa' a través de un documento con un tamaño grande de párrafo, lo que provoca una corrupción de la memoria dinámica.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-03-31 CVE Reserved
2015-04-15 CVE Published
2023-06-14 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-189: Numeric Errors

CAPEC

References (2)

URL	Tag	Source
http://seclists.org/bugtraq/2015/Apr/89	Mailing List
http://www.securityfocus.com/bid/74153	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Hancom Search vendor "Hancom"		Hanword Viewer 2007 Search vendor "Hancom" for product "Hanword Viewer 2007"				*		-		Affected
Hancom Search vendor "Hancom"		Hanword Viewer 2010 Search vendor "Hancom" for product "Hanword Viewer 2010"				8.5.6.1158 Search vendor "Hancom" for product "Hanword Viewer 2010" and version "8.5.6.1158"		-		Affected
Hancom Search vendor "Hancom"		Hwp 2014 Search vendor "Hancom" for product "Hwp 2014"				<= 9.1.0.2342 Search vendor "Hancom" for product "Hwp 2014" and version " <= 9.1.0.2342"		-		Affected
Hancom Search vendor "Hancom"		Hwpviewer 2014 Search vendor "Hancom" for product "Hwpviewer 2014"				9.1.0.2186 Search vendor "Hancom" for product "Hwpviewer 2014" and version "9.1.0.2186"		-		Affected