PT-2018-17525 · Kingsoft · Kingsoft Wps Office

Published: 2018-01-29 · Updated: 2021-01-28 · CVE-2018-6390

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Kingsoft WPS Office versions 10.1.0.7106 through 10.2.0.5978

Description

The issue arises from the WStr::assign function in kso.dll, which fails to validate the size of the source memory block before making a copy call. This oversight allows remote attackers to trigger a denial of service, resulting in an access violation and application crash. The attack can be initiated through various crafted files, including web pages, office documents, or .rtf files.

Recommendations

For Kingsoft WPS Office versions 10.1.0.7106 through 10.2.0.5978, consider disabling the WStr::assign function in kso.dll as a temporary workaround until a patch is available. Restrict access to potentially malicious web pages, office documents, and .rtf files to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2018-6390

Affected products

Kingsoft Wps Office