Buffer overflow in Kingsoft Office_2012

CVE-2013-3934

Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as used in Kingsoft Office 2013 before 9.1.0.4256, allows remote attackers to execute arbitrary code via a long font name in a WPS file.

Vulnerability class: Buffer Overflow

EPSS: 0.382 (97.3rd percentile)

References

  • 53266 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
  • 61796 (vdb-entry, x_refsource_BID)
  • 1028920 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2013-3934?
CVE-2013-3934 is a vulnerability in Kingsoft Office_2012, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2013-09-10.
Is CVE-2013-3934 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.