Kingsoft: >> Wps Office >> 10.8.0.6186 Security Vulnerabilities
An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-05-14
OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is installed.
CVSS Score
8.1
EPSS Score
0.009
Published
2023-06-13
The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-03-17
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.
CVSS Score
7.8
EPSS Score
0.011
Published
2020-09-13