CVE-2018-6400

MEDIUM(4.6)

AV:L/AC:L/Au:N/C:P/I:P/A:P

Risk Signal Score12/100 — NIEDRIG

CVSS 4.6 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

4.6

Technische Schwere

Beschreibung

Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\.\pipe\WPSCloudSvr\WpsCloudSvr -- an "insecurely created named pipe." Ensures full access to Everyone users group.

Referenzen

http://seclists.org/fulldisclosure/2018/Mar/27
https://jvn.jp/en/jp/JVN14434132/
https://www.wps365.jp/notices/4
http://seclists.org/fulldisclosure/2018/Mar/27