3 New Code Execution Flaws Discovered in Atlantis Word Processor


This is why you should always think twice before opening innocent-looking email attachments, especially Word and PDF files. Cybersecurity researchers have once again discovered multiple critical security vulnerabilities in the Atlantis Word Processor that allow remote attackers to execute arbitrary code and take over affected computers.

An alternative to Microsoft Word, Atlantis Word Processor is a fast-loading word processor application that allows users to create, read and edit word documents effortlessly. It can also be used to convert TXT, RTF, ODT, DOC, WRI, or DOCX documents to ePub.

All three vulnerabilities, listed below, allow attackers to corrupt the application's memory and execute arbitrary code in the context of the application.

Incorrect Calculation of Buffer Size (CVE-2018-4038) — an exploitable arbitrary write vulnerability resides in the open document format parser of Atlantis Word Processor while trying to null-terminate a string.

Improper Validation of Array Index (CVE-2018-4039) — an out-of-bounds write vulnerability exists in the PNG implementation of.

Use of Uninitialized Variable (CVE-2018-4040) — an exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor.

All these vulnerabilities affect Atlantis Word Processor versions 3.2.7.1 and 3.2.7.2, and can be exploited by convincing a victim to open a specially crafted, booby-trapped document.

Researchers responsibly reported all the vulnerabilities to the developers of the affected software, who have now released an updated version 3.2.10.1 that addresses the issues.

The easiest way to prevent yourself from being a victim of attacks leveraging such vulnerabilities is never to open any document provided in an email from unknown or untrusted sources.
