cbcvebase.

Wps Office vulnerabilities

5 known vulnerabilities affecting wps/wps_office.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH3MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2022-24934P1CRITICALCVSS 9.8Exploited≤ 11.2.0.103822022-03-23
CVE-2022-24934 [CRITICAL] CVE-2022-24934: wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry.
nvd
CVE-2014-2271P3HIGHCVSS 8.1v5.3.12020-01-14
CVE-2014-2271 [HIGH] CWE-20 CVE-2014-2271: cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 d cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and
nvd
CVE-2023-31275P3HIGHCVSS 7.8v11.2.0.115372023-11-27
CVE-2023-31275 [HIGH] CWE-457 CVE-2023-31275: An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 th An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
nvd
CVE-2021-40399P3HIGHCVSS 7.8v11.2.0.103512022-05-12
CVE-2021-40399 [HIGH] CWE-416 CVE-2021-40399: An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.
nvd
CVE-2018-6390P4MEDIUMCVSS 6.5v10.1.0.7106v10.2.0.59782018-01-29
CVE-2018-6390 [MEDIUM] CWE-119 CVE-2018-6390: The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not val The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file.
nvd
Wps Office vulnerabilities | cvebase