CVE-2018-4039

CVSS 8.8 HIGHEPSS 1.4%

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.8EPSS 1.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

01 Dec 2018Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Talos · Atlantis Word Processor

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0712