PT-2018-1609 · Atlantis · Atlantis Word Processor

Published: 2018-09-10 · Updated: 2023-02-09 · CVE-2018-3982

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Atlantis Word Processor versions 3.0.2.3 through 3.0.2.5

Description

An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis Word Processor. A specially crafted document can prevent the application from adding elements to an array that is indexed by a loop, resulting in an out-of-bounds index. This can lead to arbitrary data being read as a pointer, and when the application attempts to write to said pointer, an arbitrary write will occur. The vulnerability can allow an attacker to further corrupt memory, leading to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.

Recommendations

For versions 3.0.2.3 and 3.0.2.5, consider avoiding the use of the Word document parser until a patch is available. As a temporary workaround, restrict the opening of documents from untrusted sources to minimize the risk of exploitation. Avoid using the application to open specially crafted documents until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Validation of Array Index

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2018-01168
CVE-2018-3982

Affected Products

Atlantis Word Processor