Wps Office Security Vulnerabilities and Issues — Wps Office CVE List

Lucene search

KingsoftWps Office

12 matches found

CVE•added 2024/08/15 3:15 p.m.•218 views

CVE-2024-7262

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spre...

9.3CVSS7.5AI score0.21715EPSS

CVE•added 2022/03/17 6:15 p.m.•150 views

CVE-2022-26081

The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.

7.8CVSS7.9AI score0.00367EPSS

CVE•added 2022/03/09 5:15 a.m.•122 views

CVE-2022-25943

The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.

7.8CVSS7.5AI score0.09861EPSS

CVE•added 2024/08/15 3:15 p.m.•121 views

CVE-2024-7263

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough....

9.3CVSS7.7AI score0.21715EPSS

CVE•added 2022/03/17 6:15 p.m.•98 views

CVE-2022-25969

The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.

7.8CVSS7.9AI score0.00367EPSS

CVE•added 2024/05/14 3:39 p.m.•72 views

CVE-2024-35205

The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a crafted library file, aim...

7.8CVSS7AI score0.01023EPSS

CVE•added 2025/01/08 5:15 p.m.•47 views

CVE-2024-13187

A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component TCC Handler. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit h...

5.3CVSS5.7AI score0.00081EPSS

CVE•added 2023/11/27 4:15 p.m.•44 views

CVE-2023-31275

An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.

8.8CVSS8.1AI score0.00714EPSS

CVE•added 2023/06/13 10:15 a.m.•38 views

CVE-2023-32548

OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is inst...

8.1CVSS8.1AI score0.00893EPSS

CVE•added 2020/09/13 8:15 p.m.•34 views

CVE-2020-25291

GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.

7.8CVSS7.6AI score0.0115EPSS

CVE•added 2018/07/18 4:29 p.m.•31 views

CVE-2018-7546

wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file.

5.5CVSS5.4AI score0.00241EPSS

CVE•added 2025/05/14 8:15 p.m.•25 views

CVE-2024-57096

An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file.

5.5CVSS6.2AI score0.00018EPSS