Vulnerabilities > CVE-2020-25291 - Out-of-bounds Write vulnerability in Kingsoft WPS Office

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

kingsoft

CWE-787

NVD

Published: 2020-09-13

Updated: 2020-09-17

Summary

GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.

Vulnerable Configurations

Part	Description	Count
Application	Kingsoft Kingsoft WPS Office - Kingsoft WPS Office 10.8.0.5745 Kingsoft WPS Office 10.8.0.6186 Kingsoft WPS Office 11.2.0.8668 Kingsoft WPS Office 11.2.0.8684 Kingsoft WPS Office 11.2.0.8893 Kingsoft WPS Office 11.2.0.8934 Kingsoft WPS Office 11.2.0.8942 Kingsoft WPS Office 11.2.0.8970 Kingsoft WPS Office 11.2.0.8991 Kingsoft WPS Office 11.2.0.9031 Kingsoft WPS Office 11.2.0.9052 Kingsoft WPS Office 11.2.0.9070 Kingsoft WPS Office 11.2.0.9107 Kingsoft WPS Office 11.2.0.9127 Kingsoft WPS Office 11.2.0.9144 Kingsoft WPS Office 11.2.0.9169 Kingsoft WPS Office 11.2.0.9232 Kingsoft WPS Office 11.2.0.9255 Kingsoft WPS Office 11.2.0.9281 Kingsoft WPS Office 11.2.0.9327 Kingsoft WPS Office 11.2.0.9363 Kingsoft WPS Office 11.2.0.9396	23

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

http://zeifan.my/security/rce/heap/2020/09/03/wps-rce-heap.html