An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer representing a TTableRow to be assigned to a variable on the stack. This variable is later dereferenced and then written to allow for controlled heap corruption, which can lead to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0669 | Exploit Technical Description Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: talos
Published: 2018-10-01T20:00:00
Updated: 2022-04-19T18:07:52
Reserved: 2018-01-02T00:00:00
Link: CVE-2018-4001
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-10-01T20:29:01.483
Modified: 2023-02-04T01:18:19.343
Link: CVE-2018-4001
JSON object: View
Redhat Information
No data.
CWE