Kingsoft Wps_office
10 CVEs affecting Kingsoft Wps_office. Latest disclosed: 2025-05-14. Critical: 0, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-31275 | High | 8.8 | 2023-11-27 | An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially craf… |
CVE-2023-32548 | High | 8.1 | 2023-06-13 | OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the produ… |
CVE-2024-7263 | High | 7.8 | 2024-08-15 | Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an at… |
CVE-2024-7262 | High | 7.8 | 2024-08-15 | Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an at… |
CVE-2022-26081 | High | 7.8 | 2022-03-17 | The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invok… |
CVE-2022-25969 | High | 7.8 | 2022-03-17 | The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privi… |
CVE-2022-25943 | High | 7.8 | 2022-03-09 | The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is inst… |
CVE-2020-25291 | High | 7.8 | 2020-09-13 | GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This i… |
CVE-2024-57096 | Medium | 5.5 | 2025-05-14 | An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file. |
CVE-2018-7546 | Medium | 5.5 | 2018-07-18 | wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file. |