Vulnerability Report

CVE-2012-4886

Title: Kingsoft Office 2012 RCE

Memory Corruption

Proof Of Concept

PoC Available for CVE-2012-4886

CWE Category CWE-119

Published Date Mar 24, 2014

Modified Date May 06, 2026

Exploit Status Available

Score 10.0 CVSS v2.0

Exploit Probability (EPSS)

53.44%

Vulnerability Summary

CVE-2012-4886: Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string.

Impacted Vendors

kingsoft 1

Reference Links

http://osvdb.org/92847 http://packetstormsecurity.com/files/121431/WPS-Office-Stack-Buffer-Overflow.html http://seclists.org/fulldisclosure/2013/Apr/247 http://www.exploit-db.com/exploits/25140 http://www.securityfocus.com/bid/59529 https://exchange.xforce.ibmcloud.com/vulnerabilities/83862 http://osvdb.org/92847 http://packetstormsecurity.com/files/121431/WPS-Office-Stack-Buffer-Overflow.html http://seclists.org/fulldisclosure/2013/Apr/247 http://www.exploit-db.com/exploits/25140 http://www.securityfocus.com/bid/59529 https://exchange.xforce.ibmcloud.com/vulnerabilities/83862

CVSS v2.0

Source Entity [email protected]

Severity HIGH

10.0

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2012-4886 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/25140

View Code

May 06, 2026 MODIFIED

Vulnerability data updated via NVD.

May 06, 2026 MODIFIED

Vulnerability data updated via NVD.

April 12, 2025 MODIFIED

Vulnerability data or affected products updated.

March 24, 2014 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.