CVE-2018-4000

An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An attacker must convince a victim to open a document in order to trigger this vulnerability.

CVSS v3 7.8 HIGH
CVSS v2.0 6.8 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0668	Exploit Technical Description Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:atlantiswordprocessor:atlantis_word_processor:3.2.5.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-10-01 20:29

Updated : 2023-12-10 12:44

NVD link : CVE-2018-4000

Mitre link : CVE-2018-4000

CVE.ORG link : CVE-2018-4000

JSON object : View

Products Affected

atlantiswordprocessor

atlantis_word_processor

CWE

CWE-415

Double Free

{"id": "CVE-2018-4000", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-10-01T20:29:01.373", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0668", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-415"}]}], "descriptions": [{"lang": "en", "value": "An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An attacker must convince a victim to open a document in order to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad explotable de doble liberaci\u00f3n (double free) en el analizador de XML de Open Office de Atlantis Word Processor 3.2.5.0. Un documento especialmente manipulado puede provocar que una instancia TTableRow se referencie dos veces, lo que resulta en una vulnerabilidad de doble liberaci\u00f3n (double free) cuando ambas referencias se salen del alcance. Un atacante debe convencer a una v\u00edctima para que abra un documento para provocar esta vulnerabilidad."}], "lastModified": "2023-02-04T01:19:07.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:atlantiswordprocessor:atlantis_word_processor:3.2.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7E316BD-505F-49E0-9F20-C8B4B2748C2B"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}