454 matches found
CVE-2024-7263 Arbitrary Code Execution in WPS Office
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 exclusive on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough...
CVE-2024-7262 Arbitrary Code Execution in WPS Office
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 exclusive on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive...
CVE-2024-7262
Kingsoft WPS Office for Windows is affected by CVE-2024-7262 due to improper path validation in promecefpluginhost.exe. Versions 12.2.0.13110–12.2.0.16412 (exclusive) are exploitable via a weaponized, single-click embedded spreadsheet document that can load an arbitrary Windows library. Connected...
CVE-2024-7262
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 exclusive on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive...
Kingsoft WPS Office 路径遍历漏洞
Kingsoft WPS Office is a kind of office software from Kingsoft China. It provides document processing functions. A path traversal vulnerability exists in Kingsoft WPS Office versions 12.2.0.13110 through 12.2.0.13489, which stems from improper path validation in promecefpluginhost.exe. An attacke...
Kingsoft WPS Office 路径遍历漏洞
Kingsoft WPS Office is a kind of office software from Kingsoft China. It provides document processing functions. A path traversal vulnerability exists in Kingsoft WPS Office versions 12.2.0.13110 through 12.2.0.13489, which stems from improper path validation in promecefpluginhost.exe. An attacke...
Kingsoft WPS 安全漏洞
Kingsoft WPS is a kind of office software from Kingsoft, a Chinese company. It provides document processing functions. A security vulnerability exists in Kingsoft WPS versions prior to 17.0.0, which stems from the inability to properly clean up filenames before they are interactively processed...
VulnCheck KEV: CVE-2024-7262
Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library...
Kingsoft WPS Security Vulnerability
Kingsoft WPS is a kind of office software from Kingsoft, a Chinese company. It provides document processing functionality. A security vulnerability exists in Kingsoft WPS prior to version 11.2.0.11537, which stems from an uninitialized pointer usage vulnerability in the function that handles data...
Command Execution Vulnerability in WPS Windows Edition of Zhuhai Kingsoft Office Software Co.
WPS is an office software. A command execution vulnerability exists in WPS Windows Edition of Zhuhai Kingsoft Office Software Limited, which can be exploited by attackers to execute arbitrary code...
Remote Code Execution Vulnerability in WPS Office of Zhuhai Kingsoft Office Software Co.
WPS Office is an office software suite from Zhuhai Kingsoft Office Software Co. A remote code execution vulnerability exists in WPS Office of Zhuhai Kingsoft Office Software Co. Ltd, which can be exploited by attackers to gain server privileges...
Kingsoft Installer of WPS Office 操作系统命令注入漏洞
Kingsoft Installer of WPS Office is an installation and setup program for WPS Office from Kingsoft, a Chinese company. A security vulnerability exists in Kingsoft Installer of WPS Office version 10.8.0.6186. An attacker can exploit the vulnerability to execute arbitrary operating system commands...
JVN#36060509: "WPS Office" vulnerable to OS command injection
"WPS Office" which was provided by KINGSOFT JAPAN, INC. contains an OS command injection vulnerability CWE-78. Impact If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be...
金山软件 WPS 资源管理错误漏洞
Kingsoft WPS is a kind of office software from Kingsoft, a Chinese company. It provides document processing functions. A resource management error vulnerability exists in Kingsoft WPS Spreadsheets ET 11.2.0.10351, which originates from a specially crafted XLS file that can be reused after release...
The vulnerability of the KWatch3.sys driver (Kingsoft Antivirus KWatch Driver), a part of the Kingsoft Internet Security 9 Plus antivirus protection software, allows a hacker to execute arbitrary code.
The vulnerability of the KWatch3.sys driver Kingsoft Antivirus KWatch Driver, a component of the Kingsoft Internet Security 9 Plus antivirus protection software, is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
CVE-2022-24934
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEYCURRENTUSER in the registry...
CVE-2022-24934
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEYCURRENTUSER in the registry...
Remote code execution
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEYCURRENTUSER in the registry...
CVE-2022-24934
Summary: CVE-2022-24934 affects Kingsoft WPS Office’s wpsupdater.exe up to version 11.2.0.10382. The issue allows remote code execution by modifying the HKEY_CURRENT_USER registry. Various sources (NVD, Red Hat, CVE lists, PT Security advisory) corroborate the impact and affected component. The r...
CVE-2022-24934
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEYCURRENTUSER in the registry...