CVE-2018-3975

Published: Oct 1, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution.

Affected (1)

Products: Atlantiswordprocessor: Atlantis Word Processor

Atlantiswordprocessor

1 product

Atlantis Word Processor

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Atlantiswordprocessor Atlantis Word Processor	Version 3.2.6

Related CWEs

Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0641

Source: talos-cna@cisco.com

ExploitTechnical DescriptionThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0641

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.