Vulnerabilities > CVE-2023-31275 - Use of Uninitialized Resource vulnerability in Kingsoft WPS Office 11.2.0.11537

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

kingsoft

CWE-908

NVD

Published: 2023-11-27

Updated: 2023-12-01

Summary

An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Kingsoft Kingsoft WPS Office 11.2.0.11537	1

Common Weakness Enumeration (CWE)

CWE-908 - Use of Uninitialized Resource

References

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1748