CVE-2018-3999

An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and then used in a...

CVE-2018-3984

CVE-2018-3984 affects Atlantis Word Processor 3.0.2.3 and 3.0.2.5. The Word Document parser has an uninitialized length (SprmTDefTable) for the number of table columns, which is later used as a loop bound. A crafted Word doc can trigger a heap-based buffer overflow, leading to code execution unde...

CVE-2018-4001

An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer representing a TTableRow to be assigned to a variable on the stack. This variable is later...

CVE-2018-3998

CVE-2018-3998 (Atlantis Word Processor) describes a heap-based buffer overflow in the Windows Enhanced Metafile parser for Atlantis Word Processor v3.2.5.0. A crafted image embedded in a document can cause an undersized allocation, leading to heap corruption when data is copied. The vulnerability...

CVE-2018-3982

An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can prevent Atlas from adding elements to an array that is indexed by a loop. When reading from this array, the application will use an...

CVE-2018-3975

An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution...

CVE-2018-3999

Atlanti s Word Processor CVE-2018-3999 affects the JPEG parser in Atlantis Word Processor 3.2.5.0. A specially crafted embedded JPEG image can cause a length underflow, treated as unsigned, leading to a heap-based buffer overflow during decoding of JPEG markers (APPx handling) and subsequent copy...

CVE-2018-3982

CVE-2018-3982 is an exploitable arbitrary write vulnerability in the Atlantis Word Processor (Word Document parser). Cisco Talos reports that Atlantis Word Processor 3.0.2.3 and 3.0.2.5 can be induced to skip adding elements to a loop-indexed array, causing an out-of-bounds read of a pointer and,...

CVE-2018-3978

An exploitable out-of-bounds write vulnerability exists in the Word Document parser of the Atlantis Word Processor 3.0.2.3, 3.0.2.5. A specially crafted document can cause Atlantis to write a value outside the bounds of a heap allocation, resulting in a buffer overflow. An attacker must convince ...

CVE-2018-4000

An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An...

CVE-2018-4001

CVE-2018-4001 affects Atlantis Word Processor 3.2.5.0. The vulnerability is an uninitialized pointer in the Office Open XML parser that handles table rows (TTableRow). A crafted document can cause an uninitialized pointer to be assigned to a stack variable, which is later dereferenced and written...

CVE-2018-4000

Atlantis Word Processor (version 3.2.5.0) contains a double-free vulnerability in its Office Open XML parser. A specially crafted document can cause a TTableRow object to be referenced twice, leading to a double-free when both references are freed. The TALOS/YR details indicate an exploitable pat...

CVE-2018-3975

Cisco Talos reports CVE-2018-3975 as an Atlants Word Processor 3.2.6 RTF-parsing vulnerability. The flaw is an exploitable uninitialized OLE document pointer (offset -0x8e0) used when parsing RTF tokens; if an attacker can control the stack, they can trigger an out-of-bounds write that can lead t...

CVE-2018-3978

CVE-2018-3978 is a vulnerability in Atlantis Word Processor’s Word Document parser (CLX/Clx handling in the Fib-based WordDocument table). A specially crafted Word binary (DOC) document can trigger a heap-based buffer overflow by mis-processing the Clx/Pcdt piece-descriptor table: the Clx.lcb con...

Vulnerability Spotlight: Multiple vulnerabilities in Atlantis Word Processor

Vulnerabilities discovered by Cory Duplantis of Cisco Talos. Overview Cisco Talos is disclosing several vulnerabilities discovered in Atlantis Word Processor. Atlantis Word Processor is a portable word processor that is also capable of converting any TXT, RTF, ODT, DOC, WRI, or DOCX document into...

Atlantis Word Processor Word Document Complex Piece Descriptor Table Fc.Compressed Code Execution Vulnerability

Summary An exploitable out-of-bounds write vulnerability exists in the Word Document parser of the Atlantis Word Processor. A specially crafted document can cause Atlantis to write a value outside the bounds of a heap allocation, resulting in a buffer overflow. An attacker must convince a victim ...

PT-2018-16365 · Atlantis · Atlantis Word Processor

Name of the Vulnerable Software and Affected Versions: Atlantis Word Processor version 3.2.5.0 Description: A double-free vulnerability exists in the Office Open XML parser. This issue can be triggered by a specially crafted document, causing a TTableRow instance to be referenced twice. As a...

Atlantis Word Processor Office Open XML TTableRow double free code execution vulnerability

Summary An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope...

Atlantis Word Processor Office Open XML uninitialized TTableRow code execution vulnerability

Summary An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer representing a TTableRow to be assigned to a variable on the stack. This variable is later...

PT-2018-16364 · Atlantis · Atlantis Word Processor

Name of the Vulnerable Software and Affected Versions: Atlantis Word Processor version 3.2.5.0 Description: A stack-based buffer overflow issue exists in the JPEG parser. It can be triggered by a specially crafted image embedded within a document, causing a length miscalculation and underflow. Th...