Buffer overflow in Kingsoft Office_2012

CVE-2012-4886

Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string.

Vulnerability class: Buffer Overflow

EPSS: 0.534 (98.0th percentile) — read the EPSS interpretation.

Affected products

Kingsoft Office_2012 — versions 8.1.0.3238
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (Exploit, x_refsource_MISC)
wpsoffice-wpsio-bo(83862) (vdb-entry, x_refsource_XF)
92847 (x_refsource_OSVDB, vdb-entry)
59529 (vdb-entry, x_refsource_BID)
20130427 WPS Office Wpsio.dll Stack Buffer Overflow Vulnerability (mailing-list, x_refsource_FULLDISC)
25140 (Exploit, exploit, x_refsource_EXPLOIT-DB)