Researchers have uncovered a slew of critical vulnerabilities in the Atlantis Word Processor which permit attackers to execute code.
On Monday, security researchers from Cisco Talos disclosed the bugs, which were found in Atlantis Word Processor versions 18.104.22.168, 22.214.171.124, and 3.2.6.
The Atlantis Word Processor is software used to create professional documents in a variety of formats and the conversion of files such as .TXT and .DOC into eBook and ePub formats.
The first vulnerability impacts versions 126.96.36.199 and 188.8.131.52. Tracked as CVE-2018-3975, the uninitialized variable vulnerability was uncovered in the RTF-parsing functionality of the software.
If attackers create a crafted RTF file, they can prompt an out-of-bounds write error, leading to the execution of code.
The second bug, CVE-2018-3978, is another exploitable out-of-bounds write vulnerability. Malicious documents can cause Atlantis to write a value outside the bounds of a heap allocation, resulting in a buffer overflow error which may also lead to code execution. This security flaw impacts Atlantis Word Processor version 3.2.6.
The third bug, CVE-2018-3982, is a flaw which exists in the Atlantis Word Document parser. If an attacker can lure a user into opening a crafted document, this file can be used to create an arbitrary write condition, leading to memory corruption and code execution under the context of the application. Versions 184.108.40.206 and 220.127.116.11 of Atlantis are affected.
Also impacting Atlantis versions 18.104.22.168 and 22.214.171.124 is CVE-2018-3983, a near-null write vulnerability also found in the software's parser. If a malicious document is opened in Atlantis, this can cause a heap memory error, resulting in code execution under the current context of the application.
Cisco Talos researchers also identified CVE-2018-3984 in Atlantis versions 126.96.36.199 and 188.8.131.52. This security flaw, an uninitialized length vulnerability, is also in the parser element of the software. If exploited, attackers can trigger code execution in the context of the application as long as a victim opens a crafted file.
Cisco Talos researchers also disclosed CVE-2018-3998, which affects Atlantis Word Processor version 184.108.40.206.
The heap-based buffer overflow flaw exists in the Windows Enhanced Metafile parser of Atlantis. If a crafted file is opened in the software, this can cause an allocation error reading to code execution.
Another security flaw was discovered in the same version of Atlantis. CVE-2018-3999 exists in the Atlantis JPEG parser. Malicious documents opened by a victim can be used to cause a length underflow issue, exploitable to perform code execution.
The final bug, CVE-2018-4000, impacts version 220.127.116.11 of the software. The double-free vulnerability exists in the Office Open XML parser of Atlantis and can lead to code execution.
A standalone patch has been made available and can be downloaded from the Talos advisory. The latest version of Atlantis is 3.2.7. Users should update their software builds to mitigate the risk of exploit.