Vulnerabilities > CVE-2021-40399 - Use After Free vulnerability in WPS Office 11.2.0.10351

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

wps

CWE-416

NVD

Published: 2022-05-12

Updated: 2022-05-23

Summary

An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Wps WPS WPS Office 11.2.0.10351	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1412
https://security.wps.cn/notices/28