Talos, Cisco's security intelligence and research team, has revealed a host of vulnerabilities present in Atlantis Word Processor which could allow attackers to run potentially malicious code. The software is used to create documents in various formats such as TXT and DOC, and then convert them into an eBook in the ePub format.
Versions 126.96.36.199, 188.8.131.52, 3.2.6, and 184.108.40.206 of the word processor are affected by the vulnerabilities. The 220.127.116.11 and 18.104.22.168 versions in particular are the more severely impacted by a flaw discovered in the RTF-parsing functionality of Atlantis Word Processor, which may allow for code execution by prompting an out-of-bounds write error.
Another vulnerability affecting those same versions is found in the Word Document parser. In a nutshell, that flaw has the ability to corrupt memory and trigger code execution by an attacker in the context of the application.
Version 22.214.171.124 of the application is also affected by another flaw that is found in the Windows Enhanced Metafile, JPEG, and Office Open XML parsers. In all those versions, of course, the vulnerability won't be triggered unless an unsuspecting user is lured into opening an affected document.