CVE-2018-4040

Summary

An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
TalosAtlantis Word ProcessorAtlantis Word Processor 3.2.7.1, 3.2.7.2affected

Weaknesses

  • remote code execution

ADP Enrichment

CVE Program Container

Additional References

References