CVE-2010-5208

Name of the Vulnerable Software and Affected Versions Kingsoft Office 2010 version 6.6.0.2477

Description The issue concerns untrusted search path vulnerabilities in multiple components of Kingsoft Office 2010, including Presentation, Writer, and Spreadsheets. This allows local users to gain privileges by placing a Trojan horse plgpf.dll file in the current working directory, potentially exploiting the vulnerability when the directory contains specific file types such as .xls, .ppt, .rtf, or .doc.

Recommendations For Kingsoft Office 2010 version 6.6.0.2477, consider removing or restricting access to the plgpf.dll file in the current working directory to minimize the risk of exploitation. Additionally, avoid opening files from untrusted sources, especially in directories that may contain malicious plgpf.dll files, until a patch or fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.