3 New Code Execution Flaws Discovered in Atlantis Word Processor

This is why you should always think twice before opening innocent-looking email attachments, particularly Word and PDF files.

Cybersecurity researchers at Cisco Talos have once again uncovered a number of important security vulnerabilities in the Atlantis Word Processor that allow remote attackers to execute arbitrary code and take over affected computers.

An alternative to Microsoft Word, Atlantis Word Processor is a fast-loading word processor application that allows users to create, read and edit Word documents effortlessly. It can also be used to convert TXT, RTF, ODT, DOC, WRI, or DOCX documents to ePub.

Just 50 days after disclosing 8 code execution vulnerabilities in previous versions of Atlantis Word Processor, the Talos team has now revealed details and proof-of-concept exploits for 3 additional remote code execution vulnerabilities in the software.

All three vulnerabilities, listed below, allow attackers to corrupt the application's memory and execute arbitrary code in the context of the application.

  • Incorrect Calculation of Buffer Size (CVE-2018-4038) — an exploitable arbitrary write vulnerability resides in the open document format parser of Atlantis Word Processor while trying to null-terminate a string.
  • Improper Validation of Array Index (CVE-2018-4039) — an out-of-bounds write vulnerability exists in the PNG implementation of.
  • Use of Uninitialized Variable (CVE-2018-4040) — an exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor.

All these vulnerabilities affect Atlantis Word Processor versions 3.2.7.1 and 3.2.7.2, and can be exploited by tricking a victim into opening a specially crafted, malicious, booby-trapped document.

Talos researchers responsibly reported all the vulnerabilities to the developers of the affected application, who have now released an updated version, 3.2.10.1, that addresses the issues.

If you have not done so yet, you are strongly advised to update your word processing application to the latest version. Security enthusiasts who are interested in learning more about these issues can head to the Talos website for technical details.

The simplest way to avoid becoming a victim of attacks leveraging these vulnerabilities is never to open any document sent in an email from unknown or untrusted sources.
