SB2018100109 - Multiple vulnerabilities in Atlantis Word Processor




Published: October 1, 2018 Updated: August 8, 2020

Security Bulletin ID: SB2018100109
Severity: High
Patch available: No
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 75%, Medium: 25%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2018-3998)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An exploitable heap-based buffer overflow vulnerability exists in the Windows enhanced metafile parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause an undersized allocation, resulting in an overflow when the application tries to copy data into it. An attacker must convince a victim to open a document in order to trigger this vulnerability.


2) Stack-based buffer overflow (CVE-ID: CVE-2018-3999)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within a document. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


3) Double Free (CVE-ID: CVE-2018-4000)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An attacker must convince a victim to open a document in order to trigger this vulnerability.


4) Buffer overflow (CVE-ID: CVE-2018-4001)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer representing a TTableRow to be assigned to a variable on the stack. This variable is later dereferenced and then written to, allowing for controlled heap corruption, which can lead to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.