CVE-2018-6400

Published: Mar 12, 2018

Modified: May 14, 2026

PUBLISHED

Description

Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\.\pipe\WPSCloudSvr\WpsCloudSvr -- an "insecurely created named pipe." Ensures full access to Everyone users group.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20180309 WPS Free Office 10.2.0.5978 - NULL DACL grants full access

mailing-list

https://jvn.jp/en/jp/JVN14434132/

https://www.wps365.jp/notices/4

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-6400

Description

Affected Products

References