Kingsoft : Security Vulnerabilities, CVEs, CVSS score >= 8
OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is installed.
Max CVSS
8.1
EPSS Score
0.15%
Published
2023-06-13
Updated
2023-06-21
An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
Max CVSS
8.8
EPSS Score
0.10%
Published
2023-11-27
Updated
2023-12-01
Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as used in Kingsoft Office 2013 before 9.1.0.4256, allows remote attackers to execute arbitrary code via a long font name in a WPS file.
Max CVSS
9.3
EPSS Score
5.63%
Published
2013-09-10
Updated
2013-09-10
Multiple heap-based buffer overflows in etxrw.dll in Kingsoft Spreadsheets 2012 8.1.0.3030 allow remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a crafted spreadsheet file.
Max CVSS
9.3
EPSS Score
0.13%
Published
2013-07-29
Updated
2013-07-30
Buffer overflow in Kingsoft Writer 2007 and 2010 before 2724 allows remote attackers to execute arbitrary code via a crafted RTF document.
Max CVSS
9.3
EPSS Score
0.38%
Published
2013-03-05
Updated
2013-03-05
Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string.
Max CVSS
10.0
EPSS Score
42.42%
Published
2014-03-24
Updated
2017-08-29
Heap-based buffer overflow in the KUpdateObj2 Class ActiveX control in UpdateOcx2.dll in Beijing KingSoft Antivirus Online Update Module 2007.12.29.29 allows remote attackers to execute arbitrary code via a long argument to the SetUninstallName method.
Max CVSS
10.0
EPSS Score
14.46%
Published
2008-03-12
Updated
2017-09-29
7 vulnerabilities found