Vulnerabilities > CVE-2018-3975 - Use of Uninitialized Resource vulnerability in Atlantiswordprocessor Atlantis Word Processor 3.2.6
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Talos
id | TALOS-2018-0641 |
last seen | 2019-05-29 |
published | 2018-10-01 |
reporter | Talos Intelligence |
source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0641 |
title | Atlantis Word Processor uninitialized TDocOleObject code execution vulnerability |