wps_office

Vendor: kingsoft

Actively Exploited: 1 (CISA KEV List)
PoC / Exploits: 2 (Code Available)
Total RCEs: 6 (Remote Access)
Total CVEs: 11 (Total Indexed)
Avg. EPSS: 4.00% (Exploit Prob.)
Latest CVE: CVE-2024-57096 (May 14)

Security Vulnerability Index

Page 2 / 2

7.8 CVSS

GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.

EPSS: 1.15%

8.1 CVSS

cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic.

EPSS: 1.80%

5.5 CVSS

wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted PDF file.

EPSS: 0.24%

6.5 CVSS

The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file.

EPSS: 0.40%

5.5 CVSS

pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482.

EPSS: 0.24%