JVN#21234459: Multiple vulnerabilities in KINGSOFT "WPS Office" and "KINGSOFT Internet Security"

“WPS Office” and “KINGSOFT Internet Security” provided by KINGSOFT JAPAN, INC. contain multiple vulnerabilities listed below.

Stack-based buffer overflow (CWE-121) - CVE-2022-25949

Insecurely loading Dynamic Link Libraries (CWE-427) - CVE-2022-26081, CVE-2022-25969, CVE-2022-26511

This analysis assumes that the user is tricked into placing a malicious DLL file prepared by an attacker in a specific folder.

Impact

• A user who can log in to the system where the affected product is installed may obtain the administrative privilege. As a result, arbitrary code may be executed in kernel mode - CVE-2022-25949
• Arbitrary code may be executed with the privilege of the user invoking the installer - CVE-2022-26081, CVE-2022-25969
• Arbitrary code may be executed with the privilege of the running program - CVE-2022-26511

Solution

Stop using the products and Switch to alternative products
The developer states that the affected products are no longer supported, and recommends to use alternative unaffected products listed below.

CVE-2022-25949

• KINGSOFT Internet Security20 11.1.6.121416.1905 or later versions
  CVE-2022-26081, CVE-2022-25969
• WPS Office2 for Windows 11.82.8498 or later versions
  CVE-2022-26511
• WPS Office 2 for Windows Premium Presentation 11.82.8498 or later versions
  For more information, refer to the information provided by the developer.

Products Affected

CVE-2022-25949

• KINGSOFT Internet Security 9 Plus (Reported for Version 2010.06.23.247)
  CVE-2022-26081, CVE-2022-25969

• Installer of WPS Office (Reported for Version 10.8.0.5745 and Version 10.8.0.6186)
  CVE-2022-26511

• WPS Presentation (Reported for Version 11.8.0.5745)