Vendor released patched version after disclosure

Oct 1, 2018 20:24 GMT

Cisco Talos published a vulnerability report disclosing multiple vulnerabilities in the Atlantis Word Processor, a word processor that can also convert TXT, RTF, ODT, DOC, WRI, or DOCX documents to ePub. 

The disclosed vulnerabilities were discovered by Ali Rizvi-Santiago and Cory Duplantis of Cisco Talos, and all of them are code execution flaws in eight different Atlantis Word Processor modules.

The exploitable Atlantis Word Processor versions were 3.0.2.3, 3.0.2.5, 3.2.5.0, and 3.2.6, and the affected modules are different for every release.

As described by Cisco Talos' researchers, all eight vulnerabilities can be exploited by sending the target a specially crafted document, which would lead to code execution outside the bounds of a heap allocation, resulting in a buffer overflow.

The hard part in exploiting the Atlantis Word Processor application is convincing the victim to download and open the specially crafted document designed to provoke an out-of-bounds code execution in the context of the application.

Atlantis Word Processor has been patched, and the latest version is no longer exploitable using these vulnerabilities.

Even though this might prove to be a daunting task, there are enough attack vectors threat actors could use, such as spam e-mails containing an attachment bundling the document with the exploit code.

All vulnerabilities uncovered received their own Common Vulnerabilities and Exposures identification number for easier tracking: CVE-2018-3975, CVE-2018-3978, CVE-2018-398, CVE-2018-3983, CVE-2018-3894, CVE-2018-3998, CVE-2018-3999, and CVE-2018-4000.

Furthermore, all security bugs were disclosed to the developer on September 10, with a quick beta patch following the next day and a final release on September 26, although there was no mention of the security fixes in the app's changelog.

All Atlantis Word Processor users are advised to update to the latest version of the application to avoid having their systems exploited by maliciously crafted tools.