WPS Free Office 10.2.0.5978 NULL DACL Grants Full Access

08 Mar 2018 | Reported by Felipe Xavier Oliveira | Type: packetstorm | Source: packetstormsecurity.com

Related

| Family | Title | Published | Reporter |
|---|---|---|---|
| NVD | CVE-2018-6400 | 12 Mar 2018 21:29 | nvd |
| 0day.today | WPS Office 10.2.0.5978 - NULL DACL grants full access Vulnerability | 10 Mar 2018 00:00 | zdt |
| CVE | CVE-2018-6400 | 12 Mar 2018 21:29 | cve |
| Cvelist | CVE-2018-6400 | 12 Mar 2018 21:00 | cvelist |
| Prion | Design/Logic Flaw | 12 Mar 2018 21:29 | prion |

`=====[ Tempest Security Intelligence - ADV-16/2018 ]===  
  
WPS Free Office 10.2.0.5978 - NULL DACL grants full access  
-------------------------------------------------------  
Author:  
- Filipe Xavier Oliveira: <filipe.xavier () tempest.com.br>  
  
=====[ Table of Contents ]=====================================================  
  
* Overview  
* Detailed description  
* Timeline of disclosure  
* Thanks & Acknowledgements  
* References  
  
=====[ Overview ]==============================================================  
  
* System affected : KingSoft WPS Free Office [1]  
* Software Version : 10.2.0.5978. Other versions or models may also be  
affected.  
* Impact : A low-privileged user can access and modify the DACL of the  
pipe, with full access allowed. A NULL DACL grants full access to any user  
that requests it; normal security checking is not performed with respect  
to the object.  
  
=====[ Detailed description ]==================================================  
  
Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain  
privileges or cause a denial of service by impersonating all the pipes  
through use of \\.\pipe\WPSCloudSvr\WpsCloudSvr -- an "insecurely  
created named pipe." The pipe grants full access to the Everyone user group.  
  
=====[ Timeline of disclosure ]===============================================  
  
29/01/2018 - Vendor was informed of the vulnerability.  
01/29/2018 - CVE assigned [2]  
02/05/2018 - Tried to contact vendor again.  
03/06/2018 - Advisory publication date.  
  
=====[ Thanks & Acknowledgements ]============================================  
  
- Tempest Security Intelligence / Tempest's Pentest Team [3]  
  
=====[ References ]===========================================================  
  
[1] - http://www.kingsoftstore.com/  
[2] - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6400  
[3] - http://www.tempest.com.br  
  
--   
Filipe Oliveira  
Tempest Security Intelligence  
  
  
  
`
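
For defenders auditing named pipes for the condition the advisory describes, the sketch below is an added example (not part of the Tempest advisory or of WPS Office) that classifies a pipe's DACL from its SDDL string and separates a NULL DACL from an empty one and from an explicit Everyone full-access ACE. It assumes the security descriptors were already exported as SDDL (for instance with the Win32 `ConvertSecurityDescriptorToStringSecurityDescriptor` call); the function names and the sample descriptors are constructed for illustration, and deny or conditional ACEs are not evaluated.

```python
import re

EVERYONE = {"WD", "S-1-1-0"}   # SDDL alias and SID string for Everyone
FILE_ALL_ACCESS = 0x1F01FF     # "FA": full control on file and pipe objects
GENERIC_ALL = 0x10000000       # "GA"

def grants_full(rights: str) -> bool:
    """True if an ACE rights field (hex mask or two-letter codes) is full access."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return bool(mask & GENERIC_ALL) or (mask & FILE_ALL_ACCESS) == FILE_ALL_ACCESS
    return bool({rights[i:i + 2] for i in range(0, len(rights), 2)} & {"GA", "FA"})

def classify_dacl(sddl: str) -> str:
    """Classify the DACL section of an SDDL string (simple ACEs only)."""
    m = re.search(r"D:([A-Z_]*)((?:\([^)]*\))*)", sddl)
    if m is None:
        return "unknown"                 # no DACL section was exported
    flags, body = m.groups()
    if "NO_ACCESS_CONTROL" in flags:
        return "null-dacl"               # no access check is performed at all
    aces = [a.split(";") for a in re.findall(r"\(([^)]*)\)", body)]
    if not aces:
        return "empty-dacl"              # opposite of NULL: nobody is granted access
    for ace in aces:
        # fields: type;flags;rights;object_guid;inherit_guid;trustee
        if len(ace) >= 6 and ace[0] == "A" and ace[5] in EVERYONE and grants_full(ace[2]):
            return "everyone-full"
    return "restricted"

def risky_pipes(descriptors: dict) -> dict:
    """Return only the pipes whose DACL is NULL or gives Everyone full access."""
    verdicts = {name: classify_dacl(s) for name, s in descriptors.items()}
    return {n: v for n, v in verdicts.items() if v in ("null-dacl", "everyone-full")}

# Constructed sample descriptors (not captured from a real host).
SAMPLE = {
    r"\\.\pipe\WPSCloudSvr\WpsCloudSvr": "O:BAG:SYD:NO_ACCESS_CONTROL",
    r"\\.\pipe\example_open": "O:BAG:SYD:(A;;FA;;;WD)",
    r"\\.\pipe\example_locked": "O:BAG:SYD:P(A;;FA;;;SY)(A;;0x12019f;;;WD)",
    r"\\.\pipe\example_empty": "O:BAG:SYD:",
}

if __name__ == "__main__":
    for name, verdict in risky_pipes(SAMPLE).items():
        print(f"{verdict:14} {name}")
```
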
