Vulnerabilities > CVE-2018-6400 - Unspecified vulnerability in Kingsoftstore WPS Office Free 10.2.0.5978
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\.\pipe\WPSCloudSvr\WpsCloudSvr -- an "insecurely created named pipe." Ensures full access to Everyone users group.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/146709/TSI-ADV162018.txt |
| id | PACKETSTORM:146709 |
| last seen | 2018-03-23 |
| published | 2018-03-08 |
| reporter | Felipe Xavier Oliveira |
| source | https://packetstormsecurity.com/files/146709/WPS-Free-Office-10.2.0.5978-NULL-DACL-Grants-Full-Access.html |
| title | WPS Free Office 10.2.0.5978 NULL DACL Grants Full Access |