CVE-2015-2810

Published: May 15, 2015Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used in Hwp 2014 VP before 9.1.0.2342, HanWord Viewer 2007 and Viewer 2010 8.5.6.1158, and HwpViewer 2014 VP 9.1.0.2186, allows remote attackers to cause a denial of service (crash) and possibly "influence the program's execution flow" via a document with a large paragraph size, which triggers heap corruption.

Affected (4)

Products: Hancom: Hanword Viewer 2007, Hanword Viewer 2010, Hwp 2014, Hwpviewer 2014

4 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Hancom Hanword Viewer 2007	All versions
Hancom Hanword Viewer 2010	Version 8.5.6.1158
Hancom Hwp 2014	Up to 9.1.0.2342
Hancom Hwpviewer 2014	Version 9.1.0.2186

Related CWEs

CWE-189

References (4)

http://seclists.org/bugtraq/2015/Apr/89

Source: cve@mitre.org

http://www.securityfocus.com/bid/74153

Source: cve@mitre.org

http://seclists.org/bugtraq/2015/Apr/89

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/74153

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.