Cybersecurity researchers at Cisco Talos have once again discovered multiple critical security vulnerabilities in the Atlantis Word Processor that allow remote attackers to execute arbitrary code and take over affected computers.
An alternative to Microsoft Word, Atlantis Word Processor is a fast-loading word processor application that allows users to create, read and edit word documents effortlessly. It can also be used to convert TXT, RTF, ODT, DOC, WRI, or DOCX documents to ePub.
Just 50 days after disclosing 8 code execution vulnerabilities in previous versions of Atlantis Word Processor, the Talos team today revealed details and proof-of-concept exploits for 3 more remote code execution vulnerabilities in the application.
All three vulnerabilities, listed below, allow attackers to corrupt the application's memory and execute arbitrary code in the context of the application.
- Incorrect Calculation of Buffer Size (CVE-2018-4038) — an exploitable arbitrary write vulnerability resides in the open document format parser of Atlantis Word Processor while trying to null-terminate a string.
- Improper Validation of Array Index (CVE-2018-4039) — an out-of-bounds write vulnerability exists in the PNG implementation of.
- Use of Uninitialized Variable (CVE-2018-4040) — an exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor.
All these vulnerabilities affect Atlantis Word Processor versions 22.214.171.124 and 126.96.36.199, and can be exploited by convincing a victim to open a specially crafted, booby-trapped document.
Talos researchers responsibly reported all the vulnerabilities to the developers of the affected software, who have now released an updated version 188.8.131.52 that addresses the issues.
If you haven't yet, you are highly advised to update your word processing software to the latest version. Security enthusiasts who are interested in learning more about these issues can head to the Talos blog for technical details.