Vulnerabilities > CVE-2018-4000 - Double Free vulnerability in Atlantiswordprocessor Atlantis Word Processor 3.2.5.0

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

atlantiswordprocessor

CWE-415

NVD

Published: 2018-10-01

Updated: 2023-02-04

Summary

An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An attacker must convince a victim to open a document in order to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Atlantiswordprocessor Atlantiswordprocessor Atlantis Word Processor 3.2.5.0	1

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

Talos

id	TALOS-2018-0668
last seen	2019-05-29
published	2018-10-01
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0668
title	Atlantis Word Processor Office Open XML TTableRow double free code execution vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0668