CVE-2012-4886
published 2014-03-24CVE-2012-4886: Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR…
PriorityP357critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
15.35%
96.4th percentile
Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kingsoft | office_2012 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Inspect .wps files for anomalously long BSTR strings at file offset 0x41d7, which is the source of the malicious memcpy data triggering the overflow. ↗
- →Detect overwritten SEH chain pointing to 0x90909090 (NOP sled) as a sign of active exploitation of this vulnerability. ↗
- →Flag wpsio.dll with file version 8.1.0.3238 (timestamp Mon May 28 04:10:12 2012, CheckSum 0026D933, ImageSize 0026F000) as the confirmed vulnerable binary. ↗
- ·The CVE description states the affected version is 'possibly 8.1.0.3238', but the crash dump and module info from the PoC confirm version 8.1.0.3238 as the tested vulnerable build. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Kingsoft Office 2012 8.1.0.3238 wpsio.dll memory corruption (Exploit 121431 / EDB-25140)
vuldb·2026-05-08·CVSS 10.0
CVE-2012-4886 [CRITICAL] Kingsoft Office 2012 8.1.0.3238 wpsio.dll memory corruption (Exploit 121431 / EDB-25140)
A vulnerability was found in Kingsoft Office 2012 8.1.0.3238. It has been declared as critical. This affects an unknown part in the library wpsio.dll. Executing a manipulation can lead to memory corruption.
This vulnerability is tracked as CVE-2012-4886. The attack can be launched remotely. Moreover, an exploit is present.
GHSA
GHSA-hx79-wghx-8337: Stack-based buffer overflow in wpsio
ghsa_unreviewed·2022-05-17
CVE-2012-4886 [HIGH] CWE-119 GHSA-hx79-wghx-8337: Stack-based buffer overflow in wpsio
Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string.
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/92847http://packetstormsecurity.com/files/121431/WPS-Office-Stack-Buffer-Overflow.htmlhttp://seclists.org/fulldisclosure/2013/Apr/247http://www.exploit-db.com/exploits/25140http://www.securityfocus.com/bid/59529https://exchange.xforce.ibmcloud.com/vulnerabilities/83862http://osvdb.org/92847http://packetstormsecurity.com/files/121431/WPS-Office-Stack-Buffer-Overflow.htmlhttp://seclists.org/fulldisclosure/2013/Apr/247http://www.exploit-db.com/exploits/25140http://www.securityfocus.com/bid/59529https://exchange.xforce.ibmcloud.com/vulnerabilities/83862
2014-03-24
Published