CVE-2018-4000

Published: Oct 1, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An attacker must convince a victim to open a document in order to trigger this vulnerability.

Affected (1)

Products: Atlantiswordprocessor: Atlantis Word Processor

Atlantiswordprocessor

1 product

Atlantis Word Processor

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Atlantiswordprocessor Atlantis Word Processor	Version 3.2.5.0

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0668

Source: talos-cna@cisco.com

ExploitTechnical DescriptionThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0668

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.