CVE-2018-4039

An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a...

CVE-2018-4039

An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a...

CVE-2018-4038

An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This...

CVE-2018-4038

An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This...

CVE-2018-4038

CVE-2018-4038 is a memory-corruption, arbitrary-write vulnerability in the Atlantis Word Processor open document format parser. Cisco Talos details show the issue stems from an insecure length handling in the NewAnsiString path within the parser’s buffer/heap management (text processing via LStrS...

CVE-2018-4038

An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This...

Obfuscated Command Line Detection Using Machine Learning

This blog post presents a machine learning ML approach to solving an emerging security problem: detecting obfuscated Windows command line invocations on endpoints. We start out with an introduction to this relatively new threat capability, and then discuss how such problems have traditionally bee...

Intel DCI Policy Update - US

Lenovo Security Advisory: LEN-23611 Potential Impact: Privilege escalation, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3652 Summary Description: Intel is releasing Direct Connect Interface DCI policy update. Existing UEFI setting restrictions for...

Atlantis Word Processor Out-of-Bounds Write Vulnerability

Atlantis Word Processor is a suite of word processor software from the Atlantis Word Processor team. An exploitable out-of-bounds write vulnerability exists in version 3.2.7.2 of Atlantis Word Processor. The vulnerability stems from the program not properly validating array indexes. An attacker c...

Google Chrome GPU Denial of Service Vulnerability

Google Chrome is a web browser developed by Google, Inc.The GPU is one of the graphics processor components of the browser. A denial of service vulnerability exists in the GPU in versions of Google Chrome prior to 70.0.3538.110. A remote attacker can exploit this vulnerability to execute arbitrar...

Atlantis Word Processor open document format parser security vulnerability

Atlantis Word Processor is a suite of word processor software from the Atlantis Word Processor team. open document format parser is one of the open document format parsers. A security vulnerability exists in the open document format parser in Atlantis Word Processor versions 3.2.7.1 and 3.2.7.2. ...

Unspecified vulnerability in Atlantis Word Processor rich text format parser

Atlantis Word Processor is a suite of word processor software from the Atlantis Word Processor team. rich text format parser is one of the rich text format editors. A security vulnerability exists in rich text format parser in Atlantis Word Processor versions 3.2.7.1 and 3.2.7.2. An attacker can...

3 New Code Execution Flaws Discovered in Atlantis Word Processor

This is why you should always think twice before opening innocent looking email attachments, especially word and pdf files. Cybersecurity researchers at Cisco Talos have once again discovered multiple critical security vulnerabilities in the Atlantis Word Processor that allow remote attackers to...

3 New Code Execution Flaws Discovered in Atlantis Word Processor

This is why you should always think twice before opening innocent looking email attachments, especially word and pdf files. Cybersecurity researchers at Cisco Talos have once again discovered multiple critical security vulnerabilities in the Atlantis Word Processor that allow remote attackers to...

Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Atlantis Word Processor

A member of Cisco Talos discovered these vulnerabilities. Executive summary Today, Cisco Talos is disclosing three remote code execution vulnerabilities in the Atlantis Word Processor. Atlantis Word Processor is a traditional word processor that provides a number of basic features for users, in...

Citrix XenServer Security Update

Description of Problem A number of security vulnerabilities have been identified in Citrix XenServer that have deployment-dependent impacts. These issues affect the following supported versions of Citrix XenServer: Citrix XenServer 7.6 Citrix XenServer 7.5 Citrix XenServer 7.1 LTSR CU1 Citrix...

Atlantis Word Processor open document format unchecked NewAnsiString length remote code execution vulnerability

Summary An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This...

Atlantis Word Processor Huffman table code length remote code execution vulnerability

Summary An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open ...

Atlantis Word Processor rich text format uninitialized TAutoList remote code execution vulnerability

Summary An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must...

HPSBHF03600 rev. 2 - Insecure Handling of BIOS and AMT Passwords

Potential Security Impact Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY A potential security vulnerability has been identified with the Intel platform code firmware included in certain Intel vPro Processor families with AMT...