Kingsoft: Security Vulnerabilities
An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-05-14
CVE-2024-7262
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.
The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document
Known exploited
CVSS Score
7.8
EPSS Score
0.217
Published
2024-08-15
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.
The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-08-15
An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.007
Published
2023-11-27
OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is installed.
CVSS Score
8.1
EPSS Score
0.009
Published
2023-06-13
The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow.
CVSS Score
7.8
EPSS Score
0.013
Published
2022-03-17
The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-03-17
The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-03-17
WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files('current directory type' DLL loading).
CVSS Score
7.8
EPSS Score
0.002
Published
2022-03-17
The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.
CVSS Score
7.8
EPSS Score
0.099
Published
2022-03-09
Page 1