Vulnerability Spotlight: Multiple vulnerabilities in SoftMaker Office TextMaker

[DTinn8]

A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw.
 
Cisco Talos recently discovered multiple vulnerabilities in SoftMaker's TextMaker software. A user could trigger these vulnerabilities by opening an attacker-created, malicious document. An adversary could use these documents to create a variety of malicious conditions on the victim machine.

SoftMaker Software GmbH is a German software company that develops and releases office software. Their flagship product, SoftMaker Office, allows users to carry out multiple tasks, including word processing, spreadsheet creation, presentation design, and even allows for scripting. The SoftMaker Office suite supports a variety of common document file formats, as well as a number of internal formats that the user may choose to use when performing their necessary work. These vulnerabilities specifically exist in TextMaker, which is one portion of the SoftMaker Office suite. In accordance with our coordinated disclosure policy, Cisco Talos worked with SoftMaker Software to disclose these vulnerabilities and ensure that an update is available.

VULNERABILITY DETAILS
 
SoftMaker Office TextMaker document record 0x001f sign-extension vulnerability (TALOS-2020-1161/CVE-2020-13544)
An exploitable sign extension vulnerability exists in the TextMaker document-parsing functionality of SoftMaker Office 2021's TextMaker application. A specially crafted document can cause the document parser to sign-extend a length used to terminate a loop, which can later result in the loop's index being used to write outside the bounds of a heap buffer during the reading of file data. An attacker can entice the victim to open a document to trigger this vulnerability.
Read the complete vulnerability advisory here for additional information. 
 
SoftMaker Office TextMaker Document Record 0x003f integer conversion vulnerability (TALOS-2020-1162/CVE-2020-13545)
An exploitable signed conversion vulnerability exists in the TextMaker document-parsing functionality of SoftMaker Office 2021's TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, when this buffer is used, the application will write outside its bounds resulting in heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability.
Read the complete vulnerability advisory here for additional information.
 
SoftMaker Office TextMaker document record 0x002a integer overflow vulnerability (TALOS-2020-1163/CVE-2020-13546)
An exploitable integer overflow vulnerability exists in the TextMaker document-parsing functionality of SoftMaker Office 2021's TextMaker application. A specially crafted document can cause the document parser to miscalculate the length used to allocate a buffer. Once this buffer's used, the application will write outside its bounds resulting in a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability.
Read the complete vulnerability advisory here for additional information.
 
VERSIONS TESTEDTalos tested and confirmed that these vulnerabilities affect SoftMaker Software GmbH SoftMaker Office TextMaker 2021, revision 1014.
 
COVERAGEThe following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.
Snort Rules: 55985 - 55988, 55991, 55992

Source: https://blog.talosintelligence.com/2021/01/vuln-spotlight-softmaker-office-textmaker-jan-2021.html?&web_view=true