Code execution vulnerabilities uncovered in Atlantis Word Processor

[silversurfer]

Researchers have uncovered a slew of critical vulnerabilities in the Atlantis Word Processor which permit attackers to execute code.

On Monday, security researchers from Cisco Talos disclosed the bugs, which were found in Atlantis Word Processor versions 3.0.2.3, 3.2.5.0, and 3.2.6.

The Atlantis Word Processor is software used to create professional documents in a variety of formats and the conversion of files such as .TXT and .DOC into eBook and ePub formats.

The first vulnerability impacts versions 3.0.2.3 and 3.0.2.5. Tracked as CVE-2018-3975, the uninitialized variable vulnerability was uncovered in the RTF-parsing functionality of the software.

Source: https://www.zdnet.com/article/code-execu...processor/