CVE-2018-3975

Summary

An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution.

Affected Software

VendorProductVersion RangeStatus
The Atlantis Word Processor TeamAtlantis Word Processor3.2.6affected

Weaknesses

  • remote code execution

ADP Enrichment

CVE Program Container

Additional References

References