Vulnerabilities (CVE)

Filtered by vendor Kingsoft Subscribe
Filtered by product Wps Office
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-32548 1 Kingsoft 1 Wps Office 2024-11-21 N/A 8.1 HIGH
OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is installed.
CVE-2023-31275 1 Kingsoft 1 Wps Office 2024-11-21 N/A 8.8 HIGH
An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-26081 1 Kingsoft 1 Wps Office 2024-11-21 6.8 MEDIUM 7.8 HIGH
The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
CVE-2022-25969 1 Kingsoft 1 Wps Office 2024-11-21 6.8 MEDIUM 7.8 HIGH
The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
CVE-2022-25943 1 Kingsoft 1 Wps Office 2024-11-21 4.6 MEDIUM 7.8 HIGH
The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.
CVE-2020-25291 1 Kingsoft 1 Wps Office 2024-11-21 6.8 MEDIUM 7.8 HIGH
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.
CVE-2018-7546 1 Kingsoft 2 Jinshan Pdf, Wps Office 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file.
CVE-2024-7262 2 Kingsoft, Microsoft 2 Wps Office, Windows 2024-09-05 N/A 7.8 HIGH
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document
CVE-2024-7263 2 Kingsoft, Microsoft 2 Wps Office, Windows 2024-08-22 N/A 7.8 HIGH
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library.