Lucene search

Wps Office Security Vulnerabilities

cve

CVE-2014-2271

cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java cod...

8.1CVSS

8.2AI Score

0.05EPSS

2020-01-14 05:15 PM

cve

CVE-2018-6390

The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) off...

6.5CVSS

6.3AI Score

0.002EPSS

2018-01-29 07:29 PM

cve

CVE-2021-40399

An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger th...

7.8CVSS

7.9AI Score

0.002EPSS

2022-05-12 05:15 PM

cve

CVE-2022-24934

wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry.

9.8CVSS

9.7AI Score

0.011EPSS

2022-03-23 10:15 PM

cve

CVE-2023-31275

An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.

8.8CVSS

8.1AI Score

0.001EPSS

2023-11-27 04:15 PM