Vulnerabilities > Kingsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-15 | CVE-2024-7262 | Path Traversal vulnerability in Kingsoft WPS Office Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document | 7.8 |
| 2024-08-15 | CVE-2024-7263 | Path Traversal vulnerability in Kingsoft WPS Office Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. | 7.8 |
| 2023-11-27 | CVE-2023-31275 | Use of Uninitialized Resource vulnerability in Kingsoft WPS Office 11.2.0.11537 An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. | 7.8 |
| 2023-06-13 | CVE-2023-32548 | OS Command Injection vulnerability in Kingsoft WPS Office 10.8.0.6186 OS command injection vulnerability exists in WPS Office version 10.8.0.6186. | 8.1 |
| 2022-03-17 | CVE-2022-25949 | Out-of-bounds Write vulnerability in Kingsoft Internet Security 9 Plus 2010.06.23.247 The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow. | 7.2 |
| 2022-03-17 | CVE-2022-25969 | Uncontrolled Search Path Element vulnerability in Kingsoft WPS Office 10.8.0.6186 The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. | 6.8 |
| 2022-03-17 | CVE-2022-26081 | Uncontrolled Search Path Element vulnerability in Kingsoft WPS Office 10.8.0.5745 The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. | 6.8 |
| 2022-03-17 | CVE-2022-26511 | Uncontrolled Search Path Element vulnerability in Kingsoft WPS Presentation 11.8.0.5745 WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files('current directory type' DLL loading). | 6.8 |
| 2022-03-09 | CVE-2022-25943 | Incorrect Default Permissions vulnerability in Kingsoft WPS Office The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed. | 4.6 |
| 2020-09-13 | CVE-2020-25291 | Out-of-bounds Write vulnerability in Kingsoft WPS Office GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. | 6.8 |