Search criteria
20 vulnerabilities found for wps_office by kingsoft
CVE-2024-57096 (GCVE-0-2024-57096)
Vulnerability from nvd – Published: 2025-05-14 00:00 – Updated: 2025-05-15 13:43
VLAI?
Summary
An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file.
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57096",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T13:42:31.370195Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T13:43:09.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T19:59:07.012Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/paokuwansui/wps_exp/blob/main/README"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57096",
"datePublished": "2025-05-14T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-05-15T13:43:09.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7263 (GCVE-0-2024-7263)
Vulnerability from nvd – Published: 2024-08-15 14:29 – Updated: 2024-08-22 05:46
VLAI?
Title
Arbitrary Code Execution in WPS Office
Summary
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.
The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kingsoft | WPS Office |
Affected:
12.2.0.13110 , < 12.2.0.17115
(custom)
|
Credits
Romain DUMONT (ESET)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kingsoft:wps_office:12.2.0.13110:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wps_office",
"vendor": "kingsoft",
"versions": [
{
"lessThanOrEqual": "12.2.0.17153",
"status": "affected",
"version": "12.2.0.13110",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T13:36:15.984437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T13:38:20.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.wps.com/",
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "WPS Office",
"vendor": "Kingsoft",
"versions": [
{
"changes": [
{
"at": "12.1.0.17119",
"status": "unaffected"
}
],
"lessThan": "12.2.0.17115",
"status": "affected",
"version": "12.2.0.13110",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Romain DUMONT (ESET)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper path validation in \u003cb\u003epromecefpluginhost.exe\u003c/b\u003e in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.\u003cbr\u003eThe patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library.\u003cbr\u003e"
}
],
"value": "Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.\nThe patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library."
}
],
"impacts": [
{
"capecId": "CAPEC-17",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-17: Using Malicious Files"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "A user clicking on a crafted hyperlink could lead to arbitrary code execution"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T05:46:47.221Z",
"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"shortName": "ESET"
},
"references": [
{
"url": "https://www.wps.com/whatsnew/pc/20240422/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to latest version\u003cbr\u003e"
}
],
"value": "Update to latest version"
}
],
"source": {
"discovery": "USER"
},
"title": "Arbitrary Code Execution in WPS Office",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"assignerShortName": "ESET",
"cveId": "CVE-2024-7263",
"datePublished": "2024-08-15T14:29:04.097Z",
"dateReserved": "2024-07-30T07:50:57.690Z",
"dateUpdated": "2024-08-22T05:46:47.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7262 (GCVE-0-2024-7262)
Vulnerability from nvd – Published: 2024-08-15 14:24 – Updated: 2025-10-21 22:55 X_Known Exploited Vulnerability
VLAI?
Title
Arbitrary Code Execution in WPS Office
Summary
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.
The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kingsoft | WPS Office |
Affected:
12.2.0.13110 , < 12.2.0.16412
(custom)
|
Credits
Romain DUMONT (ESET)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kingsoft:wps_office:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wps_office",
"vendor": "kingsoft",
"versions": [
{
"lessThan": "12.2.0.13489",
"status": "affected",
"version": "12.2.0.13110",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7262",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-31T03:55:30.362677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-09-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7262"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:47.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7262"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-03T00:00:00+00:00",
"value": "CVE-2024-7262 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.wps.com/",
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "WPS Office",
"vendor": "Kingsoft",
"versions": [
{
"lessThan": "12.2.0.16412",
"status": "affected",
"version": "12.2.0.13110",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "Romain DUMONT (ESET)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eImproper path validation in \u003cb\u003epromecefpluginhost.exe\u003c/b\u003e in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.\u003cbr\u003eThe vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.\nThe vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exploit found in-the-wild.\u003cbr\u003e"
}
],
"value": "Exploit found in-the-wild."
}
],
"impacts": [
{
"capecId": "CAPEC-17",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-17: Using Malicious Files"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N/RE:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "A user clicking on a crafted hyperlink could lead to arbitrary code execution"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T05:51:23.952Z",
"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"shortName": "ESET"
},
"references": [
{
"url": "https://www.wps.com/whatsnew/pc/20240422/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to latest version\u003cbr\u003e"
}
],
"value": "Update to latest version"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"x_known-exploited-vulnerability"
],
"title": "Arbitrary Code Execution in WPS Office",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"assignerShortName": "ESET",
"cveId": "CVE-2024-7262",
"datePublished": "2024-08-15T14:24:44.511Z",
"dateReserved": "2024-07-30T07:50:53.765Z",
"dateUpdated": "2025-10-21T22:55:47.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31275 (GCVE-0-2023-31275)
Vulnerability from nvd – Published: 2023-11-27 15:34 – Updated: 2025-11-04 19:16
VLAI?
Summary
An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-457 - Use of Uninitialized Variable
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WPS | WPS Office |
Affected:
11.2.0.11537
|
Credits
Discovered by Marcin 'Icewall' Noga of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:16:02.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1748",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1748"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1748"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WPS Office",
"vendor": "WPS",
"versions": [
{
"status": "affected",
"version": "11.2.0.11537"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Marcin \u0026#39;Icewall\u0026#39; Noga of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-27T18:00:07.348Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1748",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1748"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-31275",
"datePublished": "2023-11-27T15:34:38.413Z",
"dateReserved": "2023-05-08T16:03:16.914Z",
"dateUpdated": "2025-11-04T19:16:02.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-32548 (GCVE-0-2023-32548)
Vulnerability from nvd – Published: 2023-06-13 00:00 – Updated: 2025-01-03 19:23
VLAI?
Summary
OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is installed.
Severity ?
8.1 (High)
CWE
- OS Command Injection
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KINGSOFT JAPAN, INC. | WPS Office |
Affected:
version 10.8.0.6186
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.kingsoft.jp/about/20230605.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN36060509/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-32548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-03T19:23:05.670400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T19:23:14.601Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WPS Office",
"vendor": "KINGSOFT JAPAN, INC.",
"versions": [
{
"status": "affected",
"version": "version 10.8.0.6186"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://support.kingsoft.jp/about/20230605.html"
},
{
"url": "https://jvn.jp/en/jp/JVN36060509/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-32548",
"datePublished": "2023-06-13T00:00:00",
"dateReserved": "2023-05-11T00:00:00",
"dateUpdated": "2025-01-03T19:23:14.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26081 (GCVE-0-2022-26081)
Vulnerability from nvd – Published: 2022-03-17 17:15 – Updated: 2024-08-03 04:56
VLAI?
Summary
The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
Severity ?
No CVSS data available.
CWE
- CWE-427 - insecurely loading Dynamic Link Libraries
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KINGSOFT JAPAN, INC. | The installer of WPS Office |
Affected:
Reported for Version 10.8.0.5745
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "The installer of WPS Office",
"vendor": "KINGSOFT JAPAN, INC.",
"versions": [
{
"status": "affected",
"version": "Reported for Version 10.8.0.5745"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: insecurely loading Dynamic Link Libraries",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T17:15:54",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-26081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "The installer of WPS Office",
"version": {
"version_data": [
{
"version_value": "Reported for Version 10.8.0.5745"
}
]
}
}
]
},
"vendor_name": "KINGSOFT JAPAN, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: insecurely loading Dynamic Link Libraries"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kingsoft.jp/support-info/weakness.html",
"refsource": "CONFIRM",
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-26081",
"datePublished": "2022-03-17T17:15:54",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25969 (GCVE-0-2022-25969)
Vulnerability from nvd – Published: 2022-03-17 17:15 – Updated: 2024-08-03 04:56
VLAI?
Summary
The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
Severity ?
No CVSS data available.
CWE
- CWE-427 - insecurely loading Dynamic Link Libraries
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KINGSOFT JAPAN, INC. | The installer of WPS Office |
Affected:
Reported for Version 10.8.0.6186
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:36.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "The installer of WPS Office",
"vendor": "KINGSOFT JAPAN, INC.",
"versions": [
{
"status": "affected",
"version": "Reported for Version 10.8.0.6186"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: insecurely loading Dynamic Link Libraries",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T17:15:38",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-25969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "The installer of WPS Office",
"version": {
"version_data": [
{
"version_value": "Reported for Version 10.8.0.6186"
}
]
}
}
]
},
"vendor_name": "KINGSOFT JAPAN, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: insecurely loading Dynamic Link Libraries"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kingsoft.jp/support-info/weakness.html",
"refsource": "CONFIRM",
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-25969",
"datePublished": "2022-03-17T17:15:38",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-03T04:56:36.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25943 (GCVE-0-2022-25943)
Vulnerability from nvd – Published: 2022-03-09 04:45 – Updated: 2024-08-03 04:49
VLAI?
Summary
The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.
Severity ?
No CVSS data available.
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WPS Office Software | WPS Office for Windows |
Affected:
versions prior to v11.2.0.10258
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:44.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.wps.com/whatsnew/pc/20210806/"
},
{
"name": "JVNVU#90673830: Installer of WPS Office for Windows misconfigures the ACL for the installation directory",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90673830/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WPS Office for Windows",
"vendor": "WPS Office Software",
"versions": [
{
"status": "affected",
"version": "versions prior to v11.2.0.10258"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-09T04:45:13",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.wps.com/whatsnew/pc/20210806/"
},
{
"name": "JVNVU#90673830: Installer of WPS Office for Windows misconfigures the ACL for the installation directory",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/vu/JVNVU90673830/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-25943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WPS Office for Windows",
"version": {
"version_data": [
{
"version_value": "versions prior to v11.2.0.10258"
}
]
}
}
]
},
"vendor_name": "WPS Office Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wps.com/whatsnew/pc/20210806/",
"refsource": "CONFIRM",
"url": "https://www.wps.com/whatsnew/pc/20210806/"
},
{
"name": "JVNVU#90673830: Installer of WPS Office for Windows misconfigures the ACL for the installation directory",
"refsource": "JVN",
"url": "https://jvn.jp/en/vu/JVNVU90673830/"
},
{
"name": "https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE",
"refsource": "MISC",
"url": "https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-25943",
"datePublished": "2022-03-09T04:45:13",
"dateReserved": "2022-03-08T00:00:00",
"dateUpdated": "2024-08-03T04:49:44.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25291 (GCVE-0-2020-25291)
Vulnerability from nvd – Published: 2020-09-13 19:35 – Updated: 2024-08-04 15:33
VLAI?
Summary
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:05.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zeifan.my/security/rce/heap/2020/09/03/wps-rce-heap.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-13T19:35:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zeifan.my/security/rce/heap/2020/09/03/wps-rce-heap.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zeifan.my/security/rce/heap/2020/09/03/wps-rce-heap.html",
"refsource": "MISC",
"url": "http://zeifan.my/security/rce/heap/2020/09/03/wps-rce-heap.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25291",
"datePublished": "2020-09-13T19:35:09",
"dateReserved": "2020-09-13T00:00:00",
"dateUpdated": "2024-08-04T15:33:05.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7546 (GCVE-0-2018-7546)
Vulnerability from nvd – Published: 2018-07-18 16:00 – Updated: 2024-08-05 06:31
VLAI?
Summary
wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:04.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2018-04657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-18T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2018-04657"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cnvd.org.cn/flaw/show/CNVD-2018-04657",
"refsource": "MISC",
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2018-04657"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7546",
"datePublished": "2018-07-18T16:00:00",
"dateReserved": "2018-02-27T00:00:00",
"dateUpdated": "2024-08-05T06:31:04.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57096 (GCVE-0-2024-57096)
Vulnerability from cvelistv5 – Published: 2025-05-14 00:00 – Updated: 2025-05-15 13:43
VLAI?
Summary
An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file.
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57096",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T13:42:31.370195Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T13:43:09.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T19:59:07.012Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/paokuwansui/wps_exp/blob/main/README"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57096",
"datePublished": "2025-05-14T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-05-15T13:43:09.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7263 (GCVE-0-2024-7263)
Vulnerability from cvelistv5 – Published: 2024-08-15 14:29 – Updated: 2024-08-22 05:46
VLAI?
Title
Arbitrary Code Execution in WPS Office
Summary
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.
The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kingsoft | WPS Office |
Affected:
12.2.0.13110 , < 12.2.0.17115
(custom)
|
Credits
Romain DUMONT (ESET)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kingsoft:wps_office:12.2.0.13110:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wps_office",
"vendor": "kingsoft",
"versions": [
{
"lessThanOrEqual": "12.2.0.17153",
"status": "affected",
"version": "12.2.0.13110",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T13:36:15.984437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T13:38:20.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.wps.com/",
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "WPS Office",
"vendor": "Kingsoft",
"versions": [
{
"changes": [
{
"at": "12.1.0.17119",
"status": "unaffected"
}
],
"lessThan": "12.2.0.17115",
"status": "affected",
"version": "12.2.0.13110",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Romain DUMONT (ESET)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper path validation in \u003cb\u003epromecefpluginhost.exe\u003c/b\u003e in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.\u003cbr\u003eThe patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library.\u003cbr\u003e"
}
],
"value": "Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.\nThe patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library."
}
],
"impacts": [
{
"capecId": "CAPEC-17",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-17: Using Malicious Files"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "A user clicking on a crafted hyperlink could lead to arbitrary code execution"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T05:46:47.221Z",
"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"shortName": "ESET"
},
"references": [
{
"url": "https://www.wps.com/whatsnew/pc/20240422/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to latest version\u003cbr\u003e"
}
],
"value": "Update to latest version"
}
],
"source": {
"discovery": "USER"
},
"title": "Arbitrary Code Execution in WPS Office",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"assignerShortName": "ESET",
"cveId": "CVE-2024-7263",
"datePublished": "2024-08-15T14:29:04.097Z",
"dateReserved": "2024-07-30T07:50:57.690Z",
"dateUpdated": "2024-08-22T05:46:47.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7262 (GCVE-0-2024-7262)
Vulnerability from cvelistv5 – Published: 2024-08-15 14:24 – Updated: 2025-10-21 22:55 X_Known Exploited Vulnerability
VLAI?
Title
Arbitrary Code Execution in WPS Office
Summary
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.
The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kingsoft | WPS Office |
Affected:
12.2.0.13110 , < 12.2.0.16412
(custom)
|
Credits
Romain DUMONT (ESET)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kingsoft:wps_office:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wps_office",
"vendor": "kingsoft",
"versions": [
{
"lessThan": "12.2.0.13489",
"status": "affected",
"version": "12.2.0.13110",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7262",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-31T03:55:30.362677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-09-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7262"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:47.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7262"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-03T00:00:00+00:00",
"value": "CVE-2024-7262 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.wps.com/",
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "WPS Office",
"vendor": "Kingsoft",
"versions": [
{
"lessThan": "12.2.0.16412",
"status": "affected",
"version": "12.2.0.13110",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "Romain DUMONT (ESET)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eImproper path validation in \u003cb\u003epromecefpluginhost.exe\u003c/b\u003e in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.\u003cbr\u003eThe vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.\nThe vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exploit found in-the-wild.\u003cbr\u003e"
}
],
"value": "Exploit found in-the-wild."
}
],
"impacts": [
{
"capecId": "CAPEC-17",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-17: Using Malicious Files"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N/RE:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "A user clicking on a crafted hyperlink could lead to arbitrary code execution"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T05:51:23.952Z",
"orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"shortName": "ESET"
},
"references": [
{
"url": "https://www.wps.com/whatsnew/pc/20240422/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to latest version\u003cbr\u003e"
}
],
"value": "Update to latest version"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"x_known-exploited-vulnerability"
],
"title": "Arbitrary Code Execution in WPS Office",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
"assignerShortName": "ESET",
"cveId": "CVE-2024-7262",
"datePublished": "2024-08-15T14:24:44.511Z",
"dateReserved": "2024-07-30T07:50:53.765Z",
"dateUpdated": "2025-10-21T22:55:47.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31275 (GCVE-0-2023-31275)
Vulnerability from cvelistv5 – Published: 2023-11-27 15:34 – Updated: 2025-11-04 19:16
VLAI?
Summary
An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-457 - Use of Uninitialized Variable
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WPS | WPS Office |
Affected:
11.2.0.11537
|
Credits
Discovered by Marcin 'Icewall' Noga of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:16:02.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1748",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1748"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1748"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WPS Office",
"vendor": "WPS",
"versions": [
{
"status": "affected",
"version": "11.2.0.11537"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Marcin \u0026#39;Icewall\u0026#39; Noga of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-27T18:00:07.348Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1748",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1748"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-31275",
"datePublished": "2023-11-27T15:34:38.413Z",
"dateReserved": "2023-05-08T16:03:16.914Z",
"dateUpdated": "2025-11-04T19:16:02.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-32548 (GCVE-0-2023-32548)
Vulnerability from cvelistv5 – Published: 2023-06-13 00:00 – Updated: 2025-01-03 19:23
VLAI?
Summary
OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is installed.
Severity ?
8.1 (High)
CWE
- OS Command Injection
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KINGSOFT JAPAN, INC. | WPS Office |
Affected:
version 10.8.0.6186
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.kingsoft.jp/about/20230605.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN36060509/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-32548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-03T19:23:05.670400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T19:23:14.601Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WPS Office",
"vendor": "KINGSOFT JAPAN, INC.",
"versions": [
{
"status": "affected",
"version": "version 10.8.0.6186"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://support.kingsoft.jp/about/20230605.html"
},
{
"url": "https://jvn.jp/en/jp/JVN36060509/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-32548",
"datePublished": "2023-06-13T00:00:00",
"dateReserved": "2023-05-11T00:00:00",
"dateUpdated": "2025-01-03T19:23:14.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26081 (GCVE-0-2022-26081)
Vulnerability from cvelistv5 – Published: 2022-03-17 17:15 – Updated: 2024-08-03 04:56
VLAI?
Summary
The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
Severity ?
No CVSS data available.
CWE
- CWE-427 - insecurely loading Dynamic Link Libraries
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KINGSOFT JAPAN, INC. | The installer of WPS Office |
Affected:
Reported for Version 10.8.0.5745
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "The installer of WPS Office",
"vendor": "KINGSOFT JAPAN, INC.",
"versions": [
{
"status": "affected",
"version": "Reported for Version 10.8.0.5745"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: insecurely loading Dynamic Link Libraries",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T17:15:54",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-26081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "The installer of WPS Office",
"version": {
"version_data": [
{
"version_value": "Reported for Version 10.8.0.5745"
}
]
}
}
]
},
"vendor_name": "KINGSOFT JAPAN, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: insecurely loading Dynamic Link Libraries"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kingsoft.jp/support-info/weakness.html",
"refsource": "CONFIRM",
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-26081",
"datePublished": "2022-03-17T17:15:54",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25969 (GCVE-0-2022-25969)
Vulnerability from cvelistv5 – Published: 2022-03-17 17:15 – Updated: 2024-08-03 04:56
VLAI?
Summary
The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
Severity ?
No CVSS data available.
CWE
- CWE-427 - insecurely loading Dynamic Link Libraries
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KINGSOFT JAPAN, INC. | The installer of WPS Office |
Affected:
Reported for Version 10.8.0.6186
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:36.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "The installer of WPS Office",
"vendor": "KINGSOFT JAPAN, INC.",
"versions": [
{
"status": "affected",
"version": "Reported for Version 10.8.0.6186"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: insecurely loading Dynamic Link Libraries",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T17:15:38",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-25969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "The installer of WPS Office",
"version": {
"version_data": [
{
"version_value": "Reported for Version 10.8.0.6186"
}
]
}
}
]
},
"vendor_name": "KINGSOFT JAPAN, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: insecurely loading Dynamic Link Libraries"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kingsoft.jp/support-info/weakness.html",
"refsource": "CONFIRM",
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-25969",
"datePublished": "2022-03-17T17:15:38",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-03T04:56:36.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25943 (GCVE-0-2022-25943)
Vulnerability from cvelistv5 – Published: 2022-03-09 04:45 – Updated: 2024-08-03 04:49
VLAI?
Summary
The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.
Severity ?
No CVSS data available.
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WPS Office Software | WPS Office for Windows |
Affected:
versions prior to v11.2.0.10258
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:44.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.wps.com/whatsnew/pc/20210806/"
},
{
"name": "JVNVU#90673830: Installer of WPS Office for Windows misconfigures the ACL for the installation directory",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90673830/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WPS Office for Windows",
"vendor": "WPS Office Software",
"versions": [
{
"status": "affected",
"version": "versions prior to v11.2.0.10258"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-09T04:45:13",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.wps.com/whatsnew/pc/20210806/"
},
{
"name": "JVNVU#90673830: Installer of WPS Office for Windows misconfigures the ACL for the installation directory",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/vu/JVNVU90673830/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-25943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WPS Office for Windows",
"version": {
"version_data": [
{
"version_value": "versions prior to v11.2.0.10258"
}
]
}
}
]
},
"vendor_name": "WPS Office Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wps.com/whatsnew/pc/20210806/",
"refsource": "CONFIRM",
"url": "https://www.wps.com/whatsnew/pc/20210806/"
},
{
"name": "JVNVU#90673830: Installer of WPS Office for Windows misconfigures the ACL for the installation directory",
"refsource": "JVN",
"url": "https://jvn.jp/en/vu/JVNVU90673830/"
},
{
"name": "https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE",
"refsource": "MISC",
"url": "https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-25943",
"datePublished": "2022-03-09T04:45:13",
"dateReserved": "2022-03-08T00:00:00",
"dateUpdated": "2024-08-03T04:49:44.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25291 (GCVE-0-2020-25291)
Vulnerability from cvelistv5 – Published: 2020-09-13 19:35 – Updated: 2024-08-04 15:33
VLAI?
Summary
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:05.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zeifan.my/security/rce/heap/2020/09/03/wps-rce-heap.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-13T19:35:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zeifan.my/security/rce/heap/2020/09/03/wps-rce-heap.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zeifan.my/security/rce/heap/2020/09/03/wps-rce-heap.html",
"refsource": "MISC",
"url": "http://zeifan.my/security/rce/heap/2020/09/03/wps-rce-heap.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25291",
"datePublished": "2020-09-13T19:35:09",
"dateReserved": "2020-09-13T00:00:00",
"dateUpdated": "2024-08-04T15:33:05.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7546 (GCVE-0-2018-7546)
Vulnerability from cvelistv5 – Published: 2018-07-18 16:00 – Updated: 2024-08-05 06:31
VLAI?
Summary
wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:04.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2018-04657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-18T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2018-04657"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cnvd.org.cn/flaw/show/CNVD-2018-04657",
"refsource": "MISC",
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2018-04657"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7546",
"datePublished": "2018-07-18T16:00:00",
"dateReserved": "2018-02-27T00:00:00",
"dateUpdated": "2024-08-05T06:31:04.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}