Search

Find a vulnerability

Search criteria

    10 vulnerabilities by KINGSOFT JAPAN, INC.

    CVE-2023-32548 (GCVE-0-2023-32548)

    Vulnerability from nvd – Published: 2023-06-13 00:00 – Updated: 2025-01-03 19:23
    VLAI
    Summary
    OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is installed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • OS Command Injection
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    KINGSOFT JAPAN, INC. WPS Office Affected: version 10.8.0.6186
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.622Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.kingsoft.jp/about/20230605.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN36060509/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32548",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-03T19:23:05.670400Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-03T19:23:14.601Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WPS Office",
              "vendor": "KINGSOFT JAPAN, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.8.0.6186"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is installed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-13T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://support.kingsoft.jp/about/20230605.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN36060509/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-32548",
        "datePublished": "2023-06-13T00:00:00.000Z",
        "dateReserved": "2023-05-11T00:00:00.000Z",
        "dateUpdated": "2025-01-03T19:23:14.601Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26511 (GCVE-0-2022-26511)

    Vulnerability from nvd – Published: 2022-03-17 17:16 – Updated: 2024-08-03 05:03
    VLAI
    Summary
    WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files('current directory type' DLL loading).
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - insecurely loading Dynamic Link Libraries
    Assigner
    References
    URL Tags
    https://support.kingsoft.jp/support-info/weakness.html x_refsource_CONFIRM
    https://jvn.jp/en/jp/JVN21234459/ third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    KINGSOFT JAPAN, INC. WPS Presentation Affected: Reported for Version 11.8.0.5745
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:03:32.904Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.kingsoft.jp/support-info/weakness.html"
              },
              {
                "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN21234459/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WPS Presentation",
              "vendor": "KINGSOFT JAPAN, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Reported for Version 11.8.0.5745"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files(\u0027current directory type\u0027 DLL loading)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: insecurely loading Dynamic Link Libraries",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-17T17:16:05.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.kingsoft.jp/support-info/weakness.html"
            },
            {
              "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN21234459/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-26511",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WPS Presentation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Reported for Version 11.8.0.5745"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "KINGSOFT JAPAN, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files(\u0027current directory type\u0027 DLL loading)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427: insecurely loading Dynamic Link Libraries"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.kingsoft.jp/support-info/weakness.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.kingsoft.jp/support-info/weakness.html"
                },
                {
                  "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN21234459/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-26511",
        "datePublished": "2022-03-17T17:16:05.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:03:32.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26081 (GCVE-0-2022-26081)

    Vulnerability from nvd – Published: 2022-03-17 17:15 – Updated: 2024-08-03 04:56
    VLAI
    Summary
    The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - insecurely loading Dynamic Link Libraries
    Assigner
    References
    URL Tags
    https://support.kingsoft.jp/support-info/weakness.html x_refsource_CONFIRM
    https://jvn.jp/en/jp/JVN21234459/ third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    KINGSOFT JAPAN, INC. The installer of WPS Office Affected: Reported for Version 10.8.0.5745
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:37.604Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.kingsoft.jp/support-info/weakness.html"
              },
              {
                "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN21234459/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "The installer of WPS Office",
              "vendor": "KINGSOFT JAPAN, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Reported for Version 10.8.0.5745"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: insecurely loading Dynamic Link Libraries",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-17T17:15:54.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.kingsoft.jp/support-info/weakness.html"
            },
            {
              "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN21234459/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-26081",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "The installer of WPS Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Reported for Version 10.8.0.5745"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "KINGSOFT JAPAN, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427: insecurely loading Dynamic Link Libraries"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.kingsoft.jp/support-info/weakness.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.kingsoft.jp/support-info/weakness.html"
                },
                {
                  "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN21234459/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-26081",
        "datePublished": "2022-03-17T17:15:54.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:56:37.604Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25969 (GCVE-0-2022-25969)

    Vulnerability from nvd – Published: 2022-03-17 17:15 – Updated: 2024-08-03 04:56
    VLAI
    Summary
    The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - insecurely loading Dynamic Link Libraries
    Assigner
    References
    URL Tags
    https://support.kingsoft.jp/support-info/weakness.html x_refsource_CONFIRM
    https://jvn.jp/en/jp/JVN21234459/ third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    KINGSOFT JAPAN, INC. The installer of WPS Office Affected: Reported for Version 10.8.0.6186
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:36.775Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.kingsoft.jp/support-info/weakness.html"
              },
              {
                "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN21234459/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "The installer of WPS Office",
              "vendor": "KINGSOFT JAPAN, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Reported for Version 10.8.0.6186"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: insecurely loading Dynamic Link Libraries",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-17T17:15:38.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.kingsoft.jp/support-info/weakness.html"
            },
            {
              "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN21234459/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-25969",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "The installer of WPS Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Reported for Version 10.8.0.6186"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "KINGSOFT JAPAN, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427: insecurely loading Dynamic Link Libraries"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.kingsoft.jp/support-info/weakness.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.kingsoft.jp/support-info/weakness.html"
                },
                {
                  "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN21234459/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-25969",
        "datePublished": "2022-03-17T17:15:38.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:56:36.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25949 (GCVE-0-2022-25949)

    Vulnerability from nvd – Published: 2022-03-17 17:15 – Updated: 2024-08-03 04:56
    VLAI
    Summary
    The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • CWE-121 - stack-based buffer overflow
    Assigner
    References
    URL Tags
    https://support.kingsoft.jp/support-info/weakness.html x_refsource_CONFIRM
    https://jvn.jp/en/jp/JVN21234459/ third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    KINGSOFT JAPAN, INC. KINGSOFT Internet Security 9 Plus Affected: Reported for Version 2010.06.23.247
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:36.510Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.kingsoft.jp/support-info/weakness.html"
              },
              {
                "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN21234459/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "KINGSOFT Internet Security 9 Plus",
              "vendor": "KINGSOFT JAPAN, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Reported for Version 2010.06.23.247"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: stack-based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-17T17:15:25.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.kingsoft.jp/support-info/weakness.html"
            },
            {
              "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN21234459/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-25949",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "KINGSOFT Internet Security 9 Plus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Reported for Version 2010.06.23.247"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "KINGSOFT JAPAN, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121: stack-based buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.kingsoft.jp/support-info/weakness.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.kingsoft.jp/support-info/weakness.html"
                },
                {
                  "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN21234459/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-25949",
        "datePublished": "2022-03-17T17:15:25.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:56:36.510Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32548 (GCVE-0-2023-32548)

    Vulnerability from cvelistv5 – Published: 2023-06-13 00:00 – Updated: 2025-01-03 19:23
    VLAI
    Summary
    OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is installed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • OS Command Injection
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    KINGSOFT JAPAN, INC. WPS Office Affected: version 10.8.0.6186
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.622Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.kingsoft.jp/about/20230605.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN36060509/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32548",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-03T19:23:05.670400Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-03T19:23:14.601Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WPS Office",
              "vendor": "KINGSOFT JAPAN, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 10.8.0.6186"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is installed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-13T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://support.kingsoft.jp/about/20230605.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN36060509/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-32548",
        "datePublished": "2023-06-13T00:00:00.000Z",
        "dateReserved": "2023-05-11T00:00:00.000Z",
        "dateUpdated": "2025-01-03T19:23:14.601Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26511 (GCVE-0-2022-26511)

    Vulnerability from cvelistv5 – Published: 2022-03-17 17:16 – Updated: 2024-08-03 05:03
    VLAI
    Summary
    WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files('current directory type' DLL loading).
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - insecurely loading Dynamic Link Libraries
    Assigner
    References
    URL Tags
    https://support.kingsoft.jp/support-info/weakness.html x_refsource_CONFIRM
    https://jvn.jp/en/jp/JVN21234459/ third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    KINGSOFT JAPAN, INC. WPS Presentation Affected: Reported for Version 11.8.0.5745
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:03:32.904Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.kingsoft.jp/support-info/weakness.html"
              },
              {
                "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN21234459/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WPS Presentation",
              "vendor": "KINGSOFT JAPAN, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Reported for Version 11.8.0.5745"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files(\u0027current directory type\u0027 DLL loading)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: insecurely loading Dynamic Link Libraries",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-17T17:16:05.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.kingsoft.jp/support-info/weakness.html"
            },
            {
              "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN21234459/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-26511",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WPS Presentation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Reported for Version 11.8.0.5745"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "KINGSOFT JAPAN, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files(\u0027current directory type\u0027 DLL loading)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427: insecurely loading Dynamic Link Libraries"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.kingsoft.jp/support-info/weakness.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.kingsoft.jp/support-info/weakness.html"
                },
                {
                  "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN21234459/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-26511",
        "datePublished": "2022-03-17T17:16:05.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:03:32.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26081 (GCVE-0-2022-26081)

    Vulnerability from cvelistv5 – Published: 2022-03-17 17:15 – Updated: 2024-08-03 04:56
    VLAI
    Summary
    The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - insecurely loading Dynamic Link Libraries
    Assigner
    References
    URL Tags
    https://support.kingsoft.jp/support-info/weakness.html x_refsource_CONFIRM
    https://jvn.jp/en/jp/JVN21234459/ third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    KINGSOFT JAPAN, INC. The installer of WPS Office Affected: Reported for Version 10.8.0.5745
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:37.604Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.kingsoft.jp/support-info/weakness.html"
              },
              {
                "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN21234459/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "The installer of WPS Office",
              "vendor": "KINGSOFT JAPAN, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Reported for Version 10.8.0.5745"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: insecurely loading Dynamic Link Libraries",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-17T17:15:54.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.kingsoft.jp/support-info/weakness.html"
            },
            {
              "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN21234459/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-26081",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "The installer of WPS Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Reported for Version 10.8.0.5745"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "KINGSOFT JAPAN, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427: insecurely loading Dynamic Link Libraries"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.kingsoft.jp/support-info/weakness.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.kingsoft.jp/support-info/weakness.html"
                },
                {
                  "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN21234459/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-26081",
        "datePublished": "2022-03-17T17:15:54.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:56:37.604Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25969 (GCVE-0-2022-25969)

    Vulnerability from cvelistv5 – Published: 2022-03-17 17:15 – Updated: 2024-08-03 04:56
    VLAI
    Summary
    The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - insecurely loading Dynamic Link Libraries
    Assigner
    References
    URL Tags
    https://support.kingsoft.jp/support-info/weakness.html x_refsource_CONFIRM
    https://jvn.jp/en/jp/JVN21234459/ third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    KINGSOFT JAPAN, INC. The installer of WPS Office Affected: Reported for Version 10.8.0.6186
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:36.775Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.kingsoft.jp/support-info/weakness.html"
              },
              {
                "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN21234459/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "The installer of WPS Office",
              "vendor": "KINGSOFT JAPAN, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Reported for Version 10.8.0.6186"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: insecurely loading Dynamic Link Libraries",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-17T17:15:38.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.kingsoft.jp/support-info/weakness.html"
            },
            {
              "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN21234459/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-25969",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "The installer of WPS Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Reported for Version 10.8.0.6186"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "KINGSOFT JAPAN, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427: insecurely loading Dynamic Link Libraries"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.kingsoft.jp/support-info/weakness.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.kingsoft.jp/support-info/weakness.html"
                },
                {
                  "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN21234459/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-25969",
        "datePublished": "2022-03-17T17:15:38.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:56:36.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25949 (GCVE-0-2022-25949)

    Vulnerability from cvelistv5 – Published: 2022-03-17 17:15 – Updated: 2024-08-03 04:56
    VLAI
    Summary
    The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • CWE-121 - stack-based buffer overflow
    Assigner
    References
    URL Tags
    https://support.kingsoft.jp/support-info/weakness.html x_refsource_CONFIRM
    https://jvn.jp/en/jp/JVN21234459/ third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    KINGSOFT JAPAN, INC. KINGSOFT Internet Security 9 Plus Affected: Reported for Version 2010.06.23.247
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:36.510Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.kingsoft.jp/support-info/weakness.html"
              },
              {
                "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN21234459/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "KINGSOFT Internet Security 9 Plus",
              "vendor": "KINGSOFT JAPAN, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Reported for Version 2010.06.23.247"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: stack-based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-17T17:15:25.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.kingsoft.jp/support-info/weakness.html"
            },
            {
              "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN21234459/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-25949",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "KINGSOFT Internet Security 9 Plus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Reported for Version 2010.06.23.247"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "KINGSOFT JAPAN, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121: stack-based buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.kingsoft.jp/support-info/weakness.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.kingsoft.jp/support-info/weakness.html"
                },
                {
                  "name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN21234459/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-25949",
        "datePublished": "2022-03-17T17:15:25.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:56:36.510Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }