Talos, Cisco's security intelligence and research team, has revealed a host of vulnerabilities present in Atlantis Word Processor which could allow attackers to run potentially malicious code. The software is used to create documents in various formats such as TXT and DOC, and then convert them into an eBook in the ePub format.
Versions 3.0.2.3, 3.0.2.5, 3.2.6, and 3.2.5.0 of the word processor are affected by the vulnerabilities. The 3.0.2.3 and 3.0.2.5 versions in particular are the more severely impacted by a flaw discovered in the RTF-parsing functionality of Atlantis Word Processor, which may allow for code execution by prompting an out-of-bounds write error.
Another vulnerability affecting those same versions is found in the Word Document parser. In a nutshell, that flaw has the ability to corrupt memory and trigger code execution by an attacker in the context of the application.
Version 3.2.5.0 of the application is also affected by another flaw that is found in the Windows Enhanced Metafile, JPEG, and Office Open XML parsers. In all those versions, of course, the vulnerability won't be triggered unless an unsuspecting user is lured into opening an affected document.
Cisco's Talos has released a standalone patch via its advisory page, and users are urged to update to the latest version of Atlantis to mitigate the risk.
_small.jpg)
0 Comments - Add comment