Cisco Talos disclosed three vulnerabilities in the Atlantis Word Processor (AWP). One, CVE-2018-4038, an exploitable arbitrary write vulnerability in open document format parser, could let attackers corrupt memory resulting in code execution. But the miscreants must first get a victim to “open a specially crafted document,” according to an alert.
An exploitable uninitialized pointer vulnerability, CVE-2018-4040, in the rich text format parser of AWP, version 3.2.7.2, could have let “certain RTF tokens to dereference a pointer that has been uninitialized and then write to it,” the alert said. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.
Finally, Talos reported that CVE-2018-4039 is “an exploitable out-of-bounds write vulnerability [that] exists in the PNG implementation” of AWP, version 3.2.7.2, that lets attackers corrupt memory, resulting in “code execution under the context of the application.”