3 Novel Code Execution Flaws Discovered Inward Atlantis Give-And-Take Processor

This is why you lot should ever intend twice earlier opening innocent looking electronic mail attachments, peculiarly discussion too pdf files.

Cybersecurity researchers at Cisco Talos direct maintain 1 time once again discovered multiple critical safety vulnerabilities inward the Atlantis Word Processor that permit remote attackers to execute arbitrary code too direct maintain over affected computers.

An option to Microsoft Word, Atlantis Word Processor is a fast-loading discussion processor application that allows users to create, read too edit discussion documents effortlessly. It tin seat the axe too hold out used to convert TXT, RTF, ODT, DOC, WRI, or DOCX documents to ePub.

Just fifty days later disclosing 8 code execution vulnerabilities inward previous versions of Atlantis Word Processor, Talos squad today revealed details too proof-of-concept exploits for 3 to a greater extent than remote code execution vulnerabilities inward the application.

All the 3 vulnerabilities, listed below, permit attackers to corrupt the application's retentivity too execute arbitrary code nether the context of the application.

• Incorrect Calculation of Buffer Size (CVE-2018-4038) — an exploitable arbitrary write vulnerability resides inward the opened upwards document format parser of Atlantis Word Processor spell trying to null-terminate a string.
• Improper Validation of Array Index (CVE-2018-4039) — an out-of-bounds write vulnerability exists inward the PNG implementation of.
• Use of Uninitialized Variable (CVE-2018-4040) — an exploitable uninitialized pointer vulnerability exists inward the rich text format parser of Atlantis Word Processor.

All these vulnerabilities impact Atlantis Word Processor versions 3.2.7.1, 3.2.7.2 too tin seat the axe hold out exploited past times convincing a victim into opening a specially crafted malicious booby-trapped document.

Talos researchers responsibly reported all the vulnerabilities to the developers of the affected software, who direct maintain right away released an updated version 3.2.10.1 that addresses the issues.

If you lot haven’t yet, you lot are highly advised to update your discussion processing software to the latest version too safety enthusiasts who are interested inward learning to a greater extent than virtually these issues tin seat the axe caput on to Talos weblog for technical details.

The easiest means to foreclose yourself from beingness a victim of attacks leveraging such vulnerabilities is never to opened upwards whatever document provided inward an electronic mail from unknown or untrusted sources.