Vulnerabilities > CVE-2018-3975 - Use of Uninitialized Resource vulnerability in Atlantiswordprocessor Atlantis Word Processor 3.2.6

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

atlantiswordprocessor

CWE-908

NVD

Published: 2018-10-01

Updated: 2022-04-19

Summary

An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution.

Vulnerable Configurations

Part	Description	Count
Application	Atlantiswordprocessor Atlantiswordprocessor Atlantis Word Processor 3.2.6	1

Common Weakness Enumeration (CWE)

CWE-908 - Use of Uninitialized Resource

Talos

id	TALOS-2018-0641
last seen	2019-05-29
published	2018-10-01
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0641
title	Atlantis Word Processor uninitialized TDocOleObject code execution vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0641