Vulnerabilities Discovered In Atlantis Word Processor

0
1308

I have a question for your friends. How many Emails you get per day. The answer may differ but around many. The emails may have attachments files also.

I always think twice before opening creepy looking email attachments, especially word and pdf files.

Cybersecurity researchers at Cisco Talos have once again discovered multiple critical security vulnerabilities in a famous word processor Atlantis Word Processor. It allows attackers to run and execute malicious code and take over affected computers.

Atlantis Word Processor is a fast-loading word processor And the alternative to Microsoft Word. You can create, read and edit word documents effortlessly on it. It can also be used to convert TXT, RTF, ODT, DOC, WRI, or DOCX documents to ePub.

In the previous versions of Atlantis Word Processor, there are 8 code execution vulnerabilities . Talos team also found exploits for 3 more remote code execution vulnerabilities in the application this time.

All the three vulnerabilities, listed below.

  • Incorrect Calculation of Buffer Size (CVE-2018-4038) — an exploitable arbitrary write vulnerability resides in the open document format parser of Atlantis Word Processor while trying to null-terminate a string.
  • Improper Validation of Array Index (CVE-2018-4039) — an out-of-bounds write vulnerability exists in the PNG implementation of.
  • Use of Uninitialized Variable (CVE-2018-4040) — an exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor.

All these vulnerabilities affect Atlantis Word Processor versions 3.2.7.1, 3.2.7.2. Talos researchers responsibly reported all the vulnerabilities to the developers of the affected software, who have now released an updated version 3.2.10.1 that addresses the issues.

You are highly recommended to update your word processing software to the latest version.

The easiest way to prevent yourself from such vulnerabilities is never to open any document in an email from unknown or untrusted sources.

LEAVE A REPLY

Please enter your comment!
Please enter your name here