Lucene search

K

6 matches found

CVE
CVE
added 2024/08/15 3:15 p.m.218 views

CVE-2024-7262

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spre...

9.3CVSS7.5AI score0.21715EPSS
CVE
CVE
added 2022/03/09 5:15 a.m.122 views

CVE-2022-25943

The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.

7.8CVSS7.5AI score0.09861EPSS
CVE
CVE
added 2024/08/15 3:15 p.m.121 views

CVE-2024-7263

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough....

9.3CVSS7.7AI score0.21715EPSS
CVE
CVE
added 2024/05/14 3:39 p.m.71 views

CVE-2024-35205

The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a crafted library file, aim...

7.8CVSS7AI score0.01023EPSS
CVE
CVE
added 2020/09/13 8:15 p.m.34 views

CVE-2020-25291

GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.

7.8CVSS7.6AI score0.0115EPSS
CVE
CVE
added 2025/05/14 8:15 p.m.25 views

CVE-2024-57096

An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file.

5.5CVSS6.2AI score0.00018EPSS