Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormFelipe Xavier OliveiraPACKETSTORM:146709
HistoryMar 08, 2018 - 12:00 a.m.

WPS Free Office 10.2.0.5978 NULL DACL Grants Full Access

2018-03-0800:00:00
Felipe Xavier Oliveira
packetstormsecurity.com
35

EPSS

0

Percentile

5.1%

JSON
`=====[ Tempest Security Intelligence - ADV-16/2018 ]===  
  
WPS Free Office 10.2.0.5978 - NULL DACL grants full access  
-------------------------------------------------------  
Author:  
- Filipe Xavier Oliveira: < filipe.xavier () tempest.com.br  
  
=====[ Table of Contents  
]=====================================================  
  
* Overview  
* Detailed description  
* Timeline of disclosure  
* Thanks & Acknowledgements  
* References  
  
=====[ Overview  
]==============================================================  
  
* System affected : KingSoft WPS Free Office [1]  
* Software Version : 10.2.0.5978. Other versions or models may also be  
affected.  
* Impact : A low privileged user can access and modify the DACL of pipe  
with full access allowed. The NULL DACL grants full access to any user  
that requests it; normal security checking is not performed with respect  
to the object.  
  
=====[ Detailed description  
]==================================================  
  
Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain  
privileges or cause a denial of service by impersonating all the pipes  
through a use of \\.\pipe\WPSCloudSvr\WpsCloudSvr -- an "insecurely  
created named pipe." Ensures full access to Everyone users group.  
  
=====[ Timeline of disclosure  
]===============================================  
  
29/01/2018 - Vendor was informed of the vulnerability.  
01/29/2018 - CVE assigned [2]  
02/05/2018 - Tried to contact vendor again.  
03/06/2018 - Advisory publication date.  
  
=====[ Thanks & Acknowledgements  
]============================================  
  
- Tempest Security Intelligence / Tempest's Pentest Team [3]  
  
=====[ References  
]===========================================================  
  
[1] - http://www.kingsoftstore.com/  
[2] - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6400  
[3] - http://www.tempest.com.br  
  
--   
Filipe Oliveira  
Tempest Security Intelligence  
  
  
  
`

Related

zdt 1
nvd 1
cve 1
prion 1
cvelist 1
zdt
zdt
WPS Office 10.2.0.5978 - NULL DACL grants full access Vulnerability
2018-03-10 00:00:00
nvd
nvd
CVE-2018-6400
2018-03-12 21:29:00
cve
cve
CVE-2018-6400
2018-03-12 21:29:00
prion
prion
Design/Logic Flaw
2018-03-12 21:29:00
cvelist
cvelist
CVE-2018-6400
2018-03-12 21:00:00

EPSS

0

Percentile

5.1%

JSON
Related for PACKETSTORM:146709
zdt1nvd1cve1prion1cvelist1