Code execution vulnerabilities uncovered in Atlantis Word Processor
Researchers have uncovered a slew of critical vulnerabilities in the Atlantis Word Processor which permit attackers to execute code.
Security
On Monday, security researchers from Cisco Talos disclosed the bugs, which were found in Atlantis Word Processor versions 3.0.2.3, 3.2.5.0, and 3.2.6.
The Atlantis Word Processor is software used to create professional documents in a variety of formats and the conversion of files such as .TXT and .DOC into eBook and ePub formats.
The first vulnerability impacts versions 3.0.2.3 and 3.0.2.5. Tracked as CVE-2018-3975, the uninitialized variable vulnerability was uncovered in the RTF-parsing functionality of the software.
See also: Comcast customer portal vulnerabilities exposed sensitive data
If attackers create a crafted RTF file, they can prompt an out-of-bounds write error, leading to the execution of code.
The second bug, CVE-2018-3978, is another exploitable out-of-bounds write vulnerability. Malicious documents can cause Atlantis to write a value outside the bounds of a heap allocation, resulting in a buffer overflow error which may also lead to code execution. This security flaw impacts Atlantis Word Processor version 3.2.6.
The third bug, CVE-2018-3982, is a flaw which exists in the Atlantis Word Document parser. If an attacker can lure a user into opening a crafted document, this file can be used to create an arbitrary write condition, leading to memory corruption and code execution under the context of the application. Versions 3.0.2.3 and 3.0.2.5 of Atlantis are affected.
Also impacting Atlantis versions 3.0.2.3 and 3.0.2.5 is CVE-2018-3983, a near-null write vulnerability also found in the software's parser. If a malicious document is opened in Atlantis, this can cause a heap memory error, resulting in code execution under the current context of the application.
TechRepublic: 52% of businesses have weak cybersecurity vulnerability assessment strategies
Cisco Talos researchers also identified CVE-2018-3984 in Atlantis versions 3.0.2.3 and 3.0.2.5. This security flaw, an uninitialized length vulnerability, is also in the parser element of the software. If exploited, attackers can trigger code execution in the context of the application as long as a victim opens a crafted file.
Cisco Talos researchers also disclosed CVE-2018-3998, which affects Atlantis Word Processor version 3.2.5.0.
The heap-based buffer overflow flaw exists in the Windows Enhanced Metafile parser of Atlantis. If a crafted file is opened in the software, this can cause an allocation error reading to code execution.
CNET: These popular Android phones came with vulnerabilities pre-installed
Another security flaw was discovered in the same version of Atlantis. CVE-2018-3999 exists in the Atlantis JPEG parser. Malicious documents opened by a victim can be used to cause a length underflow issue, exploitable to perform code execution.
The final bug, CVE-2018-4000, impacts version 3.2.5.0 of the software. The double-free vulnerability exists in the Office Open XML parser of Atlantis and can lead to code execution.
A standalone patch has been made available and can be downloaded from the Talos advisory. The latest version of Atlantis is 3.2.7. Users should update their software builds to mitigate the risk of exploit.