PT-2018-1610 · Atlantis · Atlantis Word Processor

Published

2018-09-10

Updated

2022-04-19

CVE-2018-3975

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Atlantis Word Processor version 3.2.6

Description The issue is related to an uninitialized variable in the RTF-parsing functionality. It can be exploited using a specially crafted RTF file, which may lead to an out-of-bounds write and potentially result in code execution. This could allow a remote attacker to execute arbitrary code within the application context.

Recommendations For Atlantis Word Processor version 3.2.6, update to a newer version that addresses this issue, as using a specially crafted RTF file could lead to code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Uninitialized Resource

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-457CWE-908

Related Identifiers

BDU:2018-01169

CVE-2018-3975

Affected Products

Atlantis Word Processor

PT-2018-1610 · Atlantis · Atlantis Word Processor

CVE-2018-3975

Weakness Enumeration

Related Identifiers

Affected Products

References · 5