Vulnerabilities > Kingsoft

DATE CVE VULNERABILITY TITLE RISK
2023-11-27 CVE-2023-31275 Use of Uninitialized Resource vulnerability in Kingsoft WPS Office 11.2.0.11537
An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file.
local
low complexity
kingsoft CWE-908
7.8
2023-06-13 CVE-2023-32548 OS Command Injection vulnerability in Kingsoft WPS Office 10.8.0.6186
OS command injection vulnerability exists in WPS Office version 10.8.0.6186.
network
high complexity
kingsoft CWE-78
8.1
2022-03-17 CVE-2022-25949 Out-of-bounds Write vulnerability in Kingsoft Internet Security 9 Plus 2010.06.23.247
The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow.
local
low complexity
kingsoft CWE-787
7.2
2022-03-17 CVE-2022-25969 Uncontrolled Search Path Element vulnerability in Kingsoft WPS Office 10.8.0.6186
The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
network
kingsoft CWE-427
6.8
2022-03-17 CVE-2022-26081 Uncontrolled Search Path Element vulnerability in Kingsoft WPS Office 10.8.0.5745
The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
network
kingsoft CWE-427
6.8
2022-03-17 CVE-2022-26511 Uncontrolled Search Path Element vulnerability in Kingsoft WPS Presentation 11.8.0.5745
WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files('current directory type' DLL loading).
network
kingsoft CWE-427
6.8
2022-03-09 CVE-2022-25943 Incorrect Default Permissions vulnerability in Kingsoft WPS Office
The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.
local
low complexity
kingsoft CWE-276
4.6
2020-09-13 CVE-2020-25291 Out-of-bounds Write vulnerability in Kingsoft WPS Office
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document.
network
kingsoft CWE-787
6.8
2018-07-18 CVE-2018-7546 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kingsoft Jinshan PDF and WPS Office
wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file.
network
kingsoft CWE-119
4.3
2018-03-30 CVE-2018-9151 NULL Pointer Dereference vulnerability in Kingsoft Internet Security 9 Plus 2010.06.23.247
A NULL pointer dereference bug in the function ObReferenceObjectByHandle in the Kingsoft Internet Security 9+ kernel driver KWatch3.sys allows local non-privileged users to crash the system via IOCTL 0x80030030.
local
low complexity
kingsoft CWE-476
4.9