10 matches found
CVE-2024-7262
Kingsoft WPS Office for Windows is affected by CVE-2024-7262 due to improper path validation in promecefpluginhost.exe. Versions 12.2.0.13110–12.2.0.16412 (exclusive) are exploitable via a weaponized, single-click embedded spreadsheet document that can load an arbitrary Windows library. Connected...
CVE-2022-26081
CVE-2022-26081 affects KINGSOFT’s WPS Office installer, which insecurely loads shcore.dll (CWE-427), enabling arbitrary code execution with the user’s privileges during installation. The vulnerability is documented for WPS Office installer versions 10.8.0.5745 and 10.8.0.6186, with impact describ...
CVE-2024-7263
CVE-2024-7263 affects Kingsoft WPS Office on Windows, specifically the promecefpluginhost.exe path validation. Versions 12.2.0.13110 through 12.2.0.17115 (exclusive) are vulnerable to loading an arbitrary Windows library due to improper path validation, with the issue tied to an earlier CVE-2024-...
CVE-2022-25943
The CVE-2022-25943 issue affects WPS Office for Windows prior to v11.2.0.10258. The installer fails to configure ACLs correctly for the installation directory of the service program, enabling a local-privilege escalation path as described in multiple sources. Affected software is the WPS Office W...
CVE-2022-25969
CVE-2022-25969 affects KINGSOFT/WPS Office installer components, where the installer loads DLLs insecurely (e.g., VERSION.DLL), enabling arbitrary code execution with the invoking user’s privileges. Published details from JVN/EUVD/Red Hat indicate affected versions include WPS Office installer 10...
CVE-2023-31275
WPS Office 11.2.0.11537 contains an uninitialized pointer use vulnerability in the Data element handling for Excel files (CVE-2023-31275). TALOS reports that a malformed Excel file can trigger remote code execution due to an absent Data element check, enabling memory corruption and arbitrary code...
CVE-2024-57096
The CVE-2024-57096 entry concerns Kingsoft WPS Office. Affected software: WPS Office versions prior to 19302. Vulnerability: exposure that allows a local attacker to obtain sensitive information via a crafted file. Root cause details are not explicitly provided in the documents, so the mechanism ...
CVE-2023-32548
CVE-2023-32548 affects WPS Office version 10.8.0.6186. The OS command injection vulnerability can be triggered when a remote attacker, via a man-in-the-middle position, connects to a malicious server and sends specially crafted data, enabling arbitrary OS commands on the host. Exploitation detail...
CVE-2020-25291
CVE-2020-25291 affects Kingsoft WPS Office prior to 11.2.0.9403. A crafted PNG PLTE chunk in a Word document can trigger a remote heap corruption via GdiDrawHoriLineIAlt, related to QBrush::setMatrix in Qt 4.x. Affects WPS Office's handling of embedded graphics in Word documents; root cause is th...
CVE-2018-7546
CVE-2018-7546 affects wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621, allowing a remote attacker to cause a denial of service by processing a crafted PDF file. The connected documents confirm the affected component and the vulnerability type (DoS) but do not provide details o...