Vulnerabilities > CVE-2018-3975 - Use of Uninitialized Resource vulnerability in Atlantiswordprocessor Atlantis Word Processor 3.2.6

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
atlantiswordprocessor
CWE-908
NVD
Published: 2018-10-01
Updated: 2022-04-19

Summary

An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution.

Vulnerable Configurations

Part Description Count
Application
Atlantiswordprocessor
1

Common Weakness Enumeration (CWE)

Talos

idTALOS-2018-0641
last seen2019-05-29
published2018-10-01
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0641
titleAtlantis Word Processor uninitialized TDocOleObject code execution vulnerability

References