PT-2018-1608 · Atlantis · Atlantis Word Processor

Published 2018-09-10 · Updated 2023-02-04 · CVE-2018-3984

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Atlantis Word Processor versions 3.0.2.3 through 3.0.2.5

Description: The issue is caused by an uninitialized length vulnerability in the Word document parser of the Atlantis Word Processor. A specially crafted document can lead to a buffer overflow, potentially resulting in code execution in the context of the application. This can happen when the application skips initializing a value representing the number of columns of a table, and later uses this value as a length within a loop that writes to a pointer on the heap. An attacker must convince a victim to open a malicious document to trigger this issue.

Recommendations: For versions 3.0.2.3 and 3.0.2.5, avoid opening documents from untrusted sources until a patch is available. As a temporary workaround, consider restricting the use of the Word document parser function until a fix is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
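
The defect class in the description, shown as an added illustration in hardened form; this is not Atlantis code and not the real Word format. The tag/value record layout, `parse_table`, `MAX_COLS` and the sample byte arrays are all hypothetical and constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>

#define REC_COLS 0x01   /* hypothetical record: table column count */
#define REC_ROW  0x02   /* hypothetical record: one row of cell widths */
#define MAX_COLS 8      /* capacity of the heap buffer allocated below */

/* Constructed sample inputs (not taken from any real document). */
static const uint8_t SAMPLE_OK[]       = { REC_COLS, 3, REC_ROW, 10, 20, 30 };
static const uint8_t SAMPLE_NO_COLS[]  = { REC_ROW, 10, 20, 30 };
static const uint8_t SAMPLE_TOO_WIDE[] = { REC_COLS, 200, REC_ROW, 1 };

/* Returns the number of cells written, or -1 if the input is rejected.
 * The defect class corresponds to declaring `uint32_t ncols;` with no
 * initializer and running the REC_ROW loop even when no REC_COLS record
 * was seen, so the loop bound is whatever value was left in memory. */
int parse_table(const uint8_t *in, size_t len, uint16_t *out_first)
{
    uint32_t ncols = 0;   /* fix 1: defined value on every path */
    int have_cols = 0;    /* fix 2: track whether the count was ever set */
    int written = 0;
    uint16_t *cells = calloc(MAX_COLS, sizeof *cells);
    if (!cells) return -1;

    for (size_t i = 0; i < len; ) {
        uint8_t tag = in[i++];
        if (tag == REC_COLS) {
            if (i >= len) goto reject;
            ncols = in[i++];
            /* fix 3: check the length against the allocation size */
            if (ncols == 0 || ncols > MAX_COLS) goto reject;
            have_cols = 1;
        } else if (tag == REC_ROW) {
            if (!have_cols) goto reject;        /* row before column count */
            if (len - i < ncols) goto reject;   /* truncated row data */
            for (uint32_t c = 0; c < ncols; c++)
                cells[c] = in[i++];             /* stays inside cells[] */
            written += (int)ncols;
        } else {
            goto reject;                        /* unknown record type */
        }
    }
    if (out_first) *out_first = written ? cells[0] : 0;
    free(cells);
    return written;
reject:
    free(cells);
    return -1;
}
```

Building parser code with `-Wall -Wextra` (or `-Wmaybe-uninitialized` on GCC) and running document fuzzing under MemorySanitizer are common ways to surface this class of defect before release.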

Exploit

Buffer Overflow

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2018-01167
CVE-2018-3984

Affected Products

Atlantis Word Processor