Kingsoft Office Stack Buffer Overflow Vulnerability (Win) Network Vulnerability

Summary

This host is installed with Kingsoft Office and prone to stack based buffer overflow vulnerability.

Impact

Successful exploitation will let attacker to execute arbitrary code via a long font name in a WPS file on the target users system which can cause a stack-based buffer overflow. Impact Level: System/Application

Solution

Upgrade to Kingsoft Office version 2013 9.1.0.4256 or later, For updates refer to http://www.kingsoft.com/

Insight

The flaw is due to a boundary error when handling font names.

Affected

Kingsoft Writer 2012 8.1.0.3030 used in Kingsoft Office 2013 before 9.1.0.4256

Detection

Get the installed version of Kingsoft Office and check the version is vulnerable or not.

References

http://secunia.com/advisories/53266
http://www.securitytracker.com/id/1028920

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-3934
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Audition '.ses' Multiple Buffer Overflow Vulnerabilities (Windows)
Alleycode HTML Editor Buffer Overflow Vulnerabilities
Adobe Reader Buffer Overflow Vulnerability Sep09 (Win)
Audacity Buffer Overflow Vulnerability (Win)
BarCodeWiz 'BarcodeWiz.dll' ActiveX Control BOF Vulnerability

Take action and discover your vulnerabilities