WPS Free Office 10.2.0.5978 NULL DACL Grants Full Acces
Reporter | Title | Published | Views | Family All 5 |
---|---|---|---|---|
![]() | CVE-2018-6400 | 12 Mar 201821:29 | – | nvd |
![]() | WPS Office 10.2.0.5978 - NULL DACL grants full access Vulnerability | 10 Mar 201800:00 | – | zdt |
![]() | CVE-2018-6400 | 12 Mar 201821:29 | – | cve |
![]() | CVE-2018-6400 | 12 Mar 201821:00 | – | cvelist |
![]() | Design/Logic Flaw | 12 Mar 201821:29 | – | prion |
`=====[ Tempest Security Intelligence - ADV-16/2018 ]===
WPS Free Office 10.2.0.5978 - NULL DACL grants full access
-------------------------------------------------------
Author:
- Filipe Xavier Oliveira: < filipe.xavier () tempest.com.br
=====[ Table of Contents
]=====================================================
* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References
=====[ Overview
]==============================================================
* System affected : KingSoft WPS Free Office [1]
* Software Version : 10.2.0.5978. Other versions or models may also be
affected.
* Impact : A low privileged user can access and modify the DACL of pipe
with full access allowed. The NULL DACL grants full access to any user
that requests it; normal security checking is not performed with respect
to the object.
=====[ Detailed description
]==================================================
Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain
privileges or cause a denial of service by impersonating all the pipes
through a use of \\.\pipe\WPSCloudSvr\WpsCloudSvr -- an "insecurely
created named pipe." Ensures full access to Everyone users group.
=====[ Timeline of disclosure
]===============================================
29/01/2018 - Vendor was informed of the vulnerability.
01/29/2018 - CVE assigned [2]
02/05/2018 - Tried to contact vendor again.
03/06/2018 - Advisory publication date.
=====[ Thanks & Acknowledgements
]============================================
- Tempest Security Intelligence / Tempest's Pentest Team [3]
=====[ References
]===========================================================
[1] - http://www.kingsoftstore.com/
[2] - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6400
[3] - http://www.tempest.com.br
--
Filipe Oliveira
Tempest Security Intelligence
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo