Skip to main content

Wps Office

13 CVEs product

Monthly

CVE-2024-57096 MEDIUM This Month

An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Wps Office
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-7263 CRITICAL Act Now

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Wps Office
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-7262 CRITICAL KEV THREAT Act Now

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Wps Office
NVD
CVSS 4.0
9.3
EPSS
1.8%
CVE-2023-31275 HIGH This Week

An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Wps Office
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2023-32548 HIGH This Week

OS command injection vulnerability exists in WPS Office version 10.8.0.6186. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Microsoft Wps Office
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-24934 CRITICAL POC THREAT Act Now

wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Wps Office
NVD
CVSS 3.1
9.8
EPSS
20.5%
CVE-2022-26081 HIGH This Week

The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Wps Office
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-25969 HIGH This Week

The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Wps Office
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-25943 HIGH POC This Week

The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Wps Office
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-25291 HIGH POC This Week

GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft Memory Corruption Wps Office
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2018-7546 MEDIUM This Month

wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Buffer Overflow Jinshan Pdf Wps Office
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-6390 MEDIUM POC This Month

The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Buffer Overflow Wps Office
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2017-17967 MEDIUM This Month

pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Wps Office
NVD
CVSS 3.0
5.5
EPSS
0.2%
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Wps Office
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Wps Office
NVD
EPSS 2% CVSS 9.3
CRITICAL KEV THREAT Act Now

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Wps Office
NVD
EPSS 2% CVSS 7.8
HIGH This Week

An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Wps Office
NVD
EPSS 1% CVSS 8.1
HIGH This Week

OS command injection vulnerability exists in WPS Office version 10.8.0.6186. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Microsoft Wps Office
NVD
EPSS 20% CVSS 9.8
CRITICAL POC THREAT Act Now

wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Wps Office
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Wps Office
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Wps Office
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Wps Office
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC This Week

GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft Memory Corruption +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Buffer Overflow +2
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Wps Office
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy