CVE-2018-6400

Name of the Vulnerable Software and Affected Versions Kingsoft WPS Office Free version 10.2.0.5978

Description The issue allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of .pipeWPSCloudSvrWpsCloudSvr, which is described as an "insecurely created named pipe." This ensures full access to the Everyone users group.

Recommendations For Kingsoft WPS Office Free version 10.2.0.5978, consider restricting access to the .pipeWPSCloudSvrWpsCloudSvr named pipe to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.