beatcas.blogg.se

Detailed vulnerability information can be found here. An attacker must convince a victim to open a malicious document in order to trigger this vulnerability. This can allow an attacker to further corrupt memory and execute code under the context of the application.

Later, when the application attempts to write to said pointer, an arbitrary write will occur. When reading from this array, the application will use an out-of-bounds index, which can result in arbitrary data being read as a pointer.

A specially crafted document can cause Atlantis to skip the addition of elements to an array that is indexed by a loop. Tested versions: Atlantis Word Processor 3.2.6 TALOS-2018-0650 - Atlantis Word Processor Word Document Endnote Reference Code Execution Vulnerability (CVE-2018-3982)Īn exploitable arbitrary write vulnerability exists in the Word Document parser of Atlantis Word Processor. An attacker must convince a victim to open a specially crafted, malicious document in order to trigger this vulnerability. A specially crafted document can cause Atlantis to write a value outside the bounds of a heap allocation, resulting in a buffer overflow.

Tested versions: Atlantis Word Processor 3.0.2.3, 3.0.2.5 TALOS-2018-0646 - Atlantis Word Processor Word Document Complex Piece Descriptor Table Fc.Compressed Code Execution Vulnerability (CVE-2018-3978)Īn exploitable out-of-bounds write vulnerability exists in the Word Document parser of Atlantis Word Processor. A specially crafted RTF can leverage an uninitialized stack address, resulting in an out-of-bounds write. TALOS-2018-0641 - Atlantis Word Processor Uninitialized TDocOleObject Code Execution Vulnerability (CVE-2018-3975)Īn exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor.

Processor is a portable word processor that is also capable of converting any TXT, RTF, ODT, DOC, WRI, or DOCX document into an eBook in the ePub format. Overview Cisco Talos is disclosing several vulnerabilities discovered in Atlantis Word Processor. Vulnerabilities discovered by Cory Duplantis of Cisco Talos.