Vulnerabilities > Kingsoft > WPS Office > 10.8.0.5745

DATE CVE VULNERABILITY TITLE RISK
2024-08-15 CVE-2024-7263 Path Traversal vulnerability in Kingsoft WPS Office
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough.
local
low complexity
kingsoft CWE-22
7.8
7.8
2022-03-17 CVE-2022-26081 Uncontrolled Search Path Element vulnerability in Kingsoft WPS Office 10.8.0.5745
The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
local
low complexity
kingsoft CWE-427
7.8
7.8
2020-09-13 CVE-2020-25291 Out-of-bounds Write vulnerability in Kingsoft WPS Office
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document.
local
low complexity
kingsoft CWE-787
7.8
7.8