Kingsoft

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-57096 1Kingsoft 1Wps Office Oct 30, 2025 May 14, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file.
CVE-2024-7263 1Kingsoft 1Wps Office Apr 24, 2025 Aug 15, 2024 9.3 CRITICAL· v4 7.8 HIGH· v3 N/A· v2 Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch releas...Show more Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library.Show less
CVE-2024-7262 1Kingsoft 1Wps Office Oct 30, 2025 Aug 15, 2024 9.3 CRITICAL· v4 7.8 HIGH· v3 N/A· v2 Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerabilit...Show more Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet documentShow less
CVE-2023-31275 1Kingsoft 1Wps Office Nov 4, 2025 Nov 27, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An atta...Show more An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2023-32548 1Kingsoft 1Wps Office Jan 3, 2025 Jun 13, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data,...Show more OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is installed.Show less
CVE-2022-26511 1Kingsoft 1Wps Presentation Nov 21, 2024 Mar 17, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files('current directory type' DLL loading).
CVE-2022-26081 1Kingsoft 1Wps Office Nov 21, 2024 Mar 17, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
CVE-2022-25969 1Kingsoft 1Wps Office Nov 21, 2024 Mar 17, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
CVE-2022-25949 1Kingsoft 1Internet Security 9 Plus Nov 21, 2024 Mar 17, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow.
CVE-2022-25943 1Kingsoft 1Wps Office Nov 21, 2024 Mar 9, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.
CVE-2020-25291 1Kingsoft 1Wps Office Nov 21, 2024 Sep 13, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in...Show more GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.Show less
CVE-2018-7546 1Kingsoft 2Jinshan Pdf Wps Office Nov 21, 2024 Jul 18, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file.
CVE-2018-9151 1Kingsoft 1Internet Security 9 Plus Nov 21, 2024 Mar 30, 2018 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 A NULL pointer dereference bug in the function ObReferenceObjectByHandle in the Kingsoft Internet Security 9+ kernel driver KWatch3.sys allows local non-privileged users to crash the system via IOCTL 0x80030030.
CVE-2012-4886 1Kingsoft 1Office 2012 May 6, 2026 Mar 24, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string.
CVE-2013-5999 1Kingsoft 1Kdrive Apr 29, 2026 Nov 22, 2013 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Kingsoft KDrive Personal before 1.21.0.1880 on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certifi...Show more Kingsoft KDrive Personal before 1.21.0.1880 on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.Show less
CVE-2013-3934 1Kingsoft 2Office 2012 Writer 2012 Apr 29, 2026 Sep 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as used in Kingsoft Office 2013 before 9.1.0.4256, allows remote attackers to execute arbitrary code via a long font name in a WPS file.
CVE-2013-0723 1Kingsoft 1Spreadsheets 2012 Apr 29, 2026 Jul 29, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple heap-based buffer overflows in etxrw.dll in Kingsoft Spreadsheets 2012 8.1.0.3030 allow remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a crafte...Show more Multiple heap-based buffer overflows in etxrw.dll in Kingsoft Spreadsheets 2012 8.1.0.3030 allow remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a crafted spreadsheet file.Show less
CVE-2013-0710 1Kingsoft 2Writer 2007 Writer 2010 Apr 29, 2026 Mar 5, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Buffer overflow in Kingsoft Writer 2007 and 2010 before 2724 allows remote attackers to execute arbitrary code via a crafted RTF document.
CVE-2010-5164 1Kingsoft 1Personal Firewall 9 Apr 29, 2026 Aug 25, 2012 N/A· v4 5.3 MEDIUM· v3 6.2 MEDIUM· v2 Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not bloc...Show more Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to executeShow less
CVE-2012-0321 1Kingsoft 1Internet Security Apr 29, 2026 Mar 2, 2012 N/A· v4 N/A· v3 2.1 LOW· v2 Unspecified vulnerability in the device driver in Kingsoft Internet Security 2011 allows local users to cause a denial of service via a crafted application.

12 Next