Summary
This host is installed with Kingsoft Office and prone to stack based buffer overflow vulnerability.
Impact
Successful exploitation will let attacker to execute arbitrary code via a long font name in a WPS file on the target users system which can cause a stack-based buffer overflow.
Impact Level: System/Application
Solution
Upgrade to Kingsoft Office version 2013 9.1.0.4256 or later, For updates refer to http://www.kingsoft.com/
Insight
The flaw is due to a boundary error when handling font names.
Affected
Kingsoft Writer 2012 8.1.0.3030 used in Kingsoft Office 2013 before 9.1.0.4256
Detection
Get the installed version of Kingsoft Office and check the version is vulnerable or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-3934 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities