Vulnerabilities > CVE-2018-4040 - Access of Uninitialized Pointer vulnerability in Atlantiswordprocessor Atlantis Word Processor 3.2.7.2
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Talos
| id | TALOS-2018-0713 |
| last seen | 2019-05-29 |
| published | 2018-11-20 |
| reporter | Talos Intelligence |
| source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0713 |
| title | Atlantis Word Processor rich text format uninitialized TAutoList remote code execution vulnerability |
The Hacker News
| id | THN:256E89A426EB6F7EB8009CE059DA58AD |
| last seen | 2018-11-20 |
| modified | 2018-11-20 |
| published | 2018-11-20 |
| reporter | The Hacker News |
| source | https://thehackernews.com/2018/11/word-processor-vulnerability.html |
| title | 3 New Code Execution Flaws Discovered in Atlantis Word Processor |