7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
46.7%
“WPS Office” and “KINGSOFT Internet Security” provided by KINGSOFT JAPAN, INC. contain multiple vulnerabilities listed below.
Stack-based buffer overflow (CWE-121) - CVE-2022-25949
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | Base Score: 8.8 |
CVSS v2 | AV:L/AC:L/Au:S/C:C/I:C/A:C | Base Score: 6.8 |
Insecurely loading Dynamic Link Libraries (CWE-427) - CVE-2022-26081, CVE-2022-25969, CVE-2022-26511
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | Base Score: 7.8 |
CVSS v2 | AV:N/AC:M/Au:N/C:P/I:P/A:P | Base Score: 6.8 |
This analysis assumes that the user is tricked into placing a malicious DLL file prepared by an attacker in a specific folder.
Stop using the products and Switch to alternative products
The developer states that the affected products are no longer supported, and recommends to use alternative unaffected products listed below.
CVE-2022-25949
CVE-2022-25949
KINGSOFT Internet Security 9 Plus (Reported for Version 2010.06.23.247)
CVE-2022-26081, CVE-2022-25969
Installer of WPS Office (Reported for Version 10.8.0.5745 and Version 10.8.0.6186)
CVE-2022-26511
WPS Presentation (Reported for Version 11.8.0.5745)
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
46.7%