Vulnerabilities > CVE-2018-6400 - Unspecified vulnerability in Kingsoftstore WPS Office Free 10.2.0.5978

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

kingsoftstore

NVD

Published: 2018-03-12

Updated: 2019-10-03

Summary

Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\.\pipe\WPSCloudSvr\WpsCloudSvr -- an "insecurely created named pipe." Ensures full access to Everyone users group.

Vulnerable Configurations

Part	Description	Count
Application	Kingsoftstore Kingsoftstore WPS Office Free 10.2.0.5978	1

Packetstorm

data source	https://packetstormsecurity.com/files/download/146709/TSI-ADV162018.txt
id	PACKETSTORM:146709
last seen	2018-03-23
published	2018-03-08
reporter	Felipe Xavier Oliveira
source	https://packetstormsecurity.com/files/146709/WPS-Free-Office-10.2.0.5978-NULL-DACL-Grants-Full-Access.html
title	WPS Free Office 10.2.0.5978 NULL DACL Grants Full Access

References

http://seclists.org/fulldisclosure/2018/Mar/27