Content

Talos discloses three vulnerabilities in Atlantis Word Processor

Share

Cisco Talos disclosed three vulnerabilities in the Atlantis Word Processor (AWP). One, CVE-2018-4038, an exploitable arbitrary write vulnerability in open document format parser, could let attackers corrupt memory resulting in code execution. But the miscreants must first get a victim to “open a specially crafted document,” according to an alert.

An exploitable uninitialized pointer vulnerability, CVE-2018-4040, in the rich text format parser of AWP, version 3.2.7.2, could have let “certain RTF tokens to dereference a pointer that has been uninitialized and then write to it,” the alert said. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.

Finally, Talos reported that CVE-2018-4039 is “an exploitable out-of-bounds write vulnerability [that] exists in the PNG implementation” of AWP, version 3.2.7.2, that lets attackers corrupt memory, resulting in “code execution under the context of the application.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.