Vulnerabilities > WPS > WPS Office
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-12 | CVE-2021-40399 | Use After Free vulnerability in WPS Office 11.2.0.10351 An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351. | 6.8 |
| 2022-03-23 | CVE-2022-24934 | Unspecified vulnerability in WPS Office 10.1.0.7106/10.2.0.5978/5.3.1 wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. | 7.5 |
| 2020-01-14 | CVE-2014-2271 | Improper Input Validation vulnerability in multiple products cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic. | 6.8 |
| 2018-01-29 | CVE-2018-6390 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in WPS Office 10.1.0.7106/10.2.0.5978 The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file. | 4.3 |