Vulnerability Details CVE-2015-2810
Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used in Hwp 2014 VP before 9.1.0.2342, HanWord Viewer 2007 and Viewer 2010 8.5.6.1158, and HwpViewer 2014 VP 9.1.0.2186, allows remote attackers to cause a denial of service (crash) and possibly "influence the program's execution flow" via a document with a large paragraph size, which triggers heap corruption.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 81.0%
CVSS Severity
CVSS v2 Score 7.5
References
Products affected by CVE-2015-2810
-
cpe:2.3:a:hancom:hanword_viewer_2007:*
-
cpe:2.3:a:hancom:hanword_viewer_2010:8.5.6.1158
-
cpe:2.3:a:hancom:hwp_2014:*
-
cpe:2.3:a:hancom:hwpviewer_2014:9.1.0.2186