Researchers have found a series of critical vulnerabilities in the Atlantis Word Processor, allowing attackers to execute code. Cisco Talos security researchers wrote last night about the bugs found in Atlantis Word Processor versions 126.96.36.199, 188.8.131.52 and 3.2.6.
The Atlantis Word Processor is software for creating professional documents in a range of formats. It can also convert .txt and .doc files to eBook and ePub formats. The researchers found no fewer than eight major vulnerabilities in the software. Here they are:
- The first vulnerability is tracked as CVE-2018-3975. It was found in the RTF parsing functionality of the software. If an attacker crafts an RTF file, this can lead to out-of-bounds errors, allowing code to be executed.
- The second vulnerability is CVE-2018-3978 and also involves an out-of-bounds error. A malicious document can force Atlantis to write a certain value, which overflows a buffer and can lead to code execution. This error affects version 3.2.6.
- Number three is CVE-2018-3982, which exists in versions 184.108.40.206 and 220.127.116.11 and affects the Atlantis Word Document parser. If an attacker can persuade the user to open a document, this can lead to memory corruption and code execution.
- CVE-2018-3983 also affects versions 18.104.22.168 and 22.214.171.124 and is a near-null vulnerability in the parser of the software. If a malicious document is opened, this can lead to a heap memory error and to code execution.
- The Cisco Talos researchers also found CVE-2018-3984 in versions 126.96.36.199 and 188.8.131.52, which affects the parser component of the software. It also allows attackers to execute code in the context of the application, provided the victim opens a malicious document.
- Researchers also found CVE-2018-3998 in version 184.108.40.206 and say it is a flaw in the Windows Enhanced Metafile parser of Atlantis. Opening a file in the software can lead to an allocation error that results in code execution.
- Another flaw, CVE-2018-3999, was found in 220.127.116.11 and affects the Atlantis JPEG parser. Malicious documents opened by the victim can likewise lead to code execution.
- The last bug, CVE-2018-4000, affects version 18.104.22.168 and is a double-free vulnerability in the Office Open XML parser of Atlantis, which in turn can lead to code execution.