Lucene search
K
KingsoftWps Office

10 matches found

CVE
CVE
added 2024/08/15 2:24 p.m.285 views

CVE-2024-7262

Kingsoft WPS Office for Windows is affected by CVE-2024-7262 due to improper path validation in promecefpluginhost.exe. Versions 12.2.0.13110–12.2.0.16412 (exclusive) are exploitable via a weaponized, single-click embedded spreadsheet document that can load an arbitrary Windows library. Connected...

9.3CVSS7.5AI score0.01773EPSS
In wild
CVE
CVE
added 2022/03/17 5:15 p.m.166 views

CVE-2022-26081

CVE-2022-26081 affects KINGSOFT’s WPS Office installer, which insecurely loads shcore.dll (CWE-427), enabling arbitrary code execution with the user’s privileges during installation. The vulnerability is documented for WPS Office installer versions 10.8.0.5745 and 10.8.0.6186, with impact describ...

7.8CVSS7.9AI score0.00775EPSS
CVE
CVE
added 2024/08/15 2:29 p.m.138 views

CVE-2024-7263

CVE-2024-7263 affects Kingsoft WPS Office on Windows, specifically the promecefpluginhost.exe path validation. Versions 12.2.0.13110 through 12.2.0.17115 (exclusive) are vulnerable to loading an arbitrary Windows library due to improper path validation, with the issue tied to an earlier CVE-2024-...

9.3CVSS7.7AI score0.0039EPSS
CVE
CVE
added 2022/03/09 4:45 a.m.134 views

CVE-2022-25943

The CVE-2022-25943 issue affects WPS Office for Windows prior to v11.2.0.10258. The installer fails to configure ACLs correctly for the installation directory of the service program, enabling a local-privilege escalation path as described in multiple sources. Affected software is the WPS Office W...

7.8CVSS7.5AI score0.00704EPSS
CVE
CVE
added 2022/03/17 5:15 p.m.111 views

CVE-2022-25969

CVE-2022-25969 affects KINGSOFT/WPS Office installer components, where the installer loads DLLs insecurely (e.g., VERSION.DLL), enabling arbitrary code execution with the invoking user’s privileges. Published details from JVN/EUVD/Red Hat indicate affected versions include WPS Office installer 10...

7.8CVSS7.9AI score0.00775EPSS
CVE
CVE
added 2023/11/27 3:34 p.m.68 views

CVE-2023-31275

WPS Office 11.2.0.11537 contains an uninitialized pointer use vulnerability in the Data element handling for Excel files (CVE-2023-31275). TALOS reports that a malformed Excel file can trigger remote code execution due to an absent Data element check, enabling memory corruption and arbitrary code...

8.8CVSS8.1AI score0.01692EPSS
CVE
CVE
added 2025/05/14 12:0 a.m.54 views

CVE-2024-57096

The CVE-2024-57096 entry concerns Kingsoft WPS Office. Affected software: WPS Office versions prior to 19302. Vulnerability: exposure that allows a local attacker to obtain sensitive information via a crafted file. Root cause details are not explicitly provided in the documents, so the mechanism ...

5.5CVSS6.2AI score0.00133EPSS
CVE
CVE
added 2023/06/13 12:0 a.m.53 views

CVE-2023-32548

CVE-2023-32548 affects WPS Office version 10.8.0.6186. The OS command injection vulnerability can be triggered when a remote attacker, via a man-in-the-middle position, connects to a malicious server and sends specially crafted data, enabling arbitrary OS commands on the host. Exploitation detail...

8.1CVSS8.1AI score0.0106EPSS
CVE
CVE
added 2020/09/13 7:35 p.m.50 views

CVE-2020-25291

CVE-2020-25291 affects Kingsoft WPS Office prior to 11.2.0.9403. A crafted PNG PLTE chunk in a Word document can trigger a remote heap corruption via GdiDrawHoriLineIAlt, related to QBrush::setMatrix in Qt 4.x. Affects WPS Office's handling of embedded graphics in Word documents; root cause is th...

7.8CVSS7.6AI score0.01617EPSS
CVE
CVE
added 2018/07/18 4:0 p.m.42 views

CVE-2018-7546

CVE-2018-7546 affects wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621, allowing a remote attacker to cause a denial of service by processing a crafted PDF file. The connected documents confirm the affected component and the vulnerability type (DoS) but do not provide details o...

5.5CVSS5.4AI score0.01391EPSS