Vulnerabilities (CVE)

Filtered by vendor Kingsoft Subscribe
Total 23 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-31275 1 Kingsoft 1 Wps Office 2024-11-21 N/A 8.8 HIGH
An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-26511 1 Kingsoft 1 Wps Presentation 2024-11-21 6.8 MEDIUM 7.8 HIGH
WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files('current directory type' DLL loading).
CVE-2022-26081 1 Kingsoft 1 Wps Office 2024-11-21 6.8 MEDIUM 7.8 HIGH
The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
CVE-2022-25969 1 Kingsoft 1 Wps Office 2024-11-21 6.8 MEDIUM 7.8 HIGH
The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
CVE-2022-25949 1 Kingsoft 1 Internet Security 9 Plus 2024-11-21 7.2 HIGH 7.8 HIGH
The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow.
CVE-2022-25943 1 Kingsoft 1 Wps Office 2024-11-21 4.6 MEDIUM 7.8 HIGH
The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.
CVE-2020-25291 1 Kingsoft 1 Wps Office 2024-11-21 6.8 MEDIUM 7.8 HIGH
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.
CVE-2018-9151 1 Kingsoft 1 Internet Security 9 Plus 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
A NULL pointer dereference bug in the function ObReferenceObjectByHandle in the Kingsoft Internet Security 9+ kernel driver KWatch3.sys allows local non-privileged users to crash the system via IOCTL 0x80030030.
CVE-2018-7546 1 Kingsoft 2 Jinshan Pdf, Wps Office 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file.
CVE-2013-5999 1 Kingsoft 1 Kdrive 2024-11-21 5.8 MEDIUM N/A
Kingsoft KDrive Personal before 1.21.0.1880 on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-3934 1 Kingsoft 2 Office 2012, Writer 2012 2024-11-21 9.3 HIGH N/A
Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as used in Kingsoft Office 2013 before 9.1.0.4256, allows remote attackers to execute arbitrary code via a long font name in a WPS file.
CVE-2013-0723 1 Kingsoft 1 Spreadsheets 2012 2024-11-21 9.3 HIGH N/A
Multiple heap-based buffer overflows in etxrw.dll in Kingsoft Spreadsheets 2012 8.1.0.3030 allow remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a crafted spreadsheet file.
CVE-2013-0710 1 Kingsoft 2 Writer 2007, Writer 2010 2024-11-21 9.3 HIGH N/A
Buffer overflow in Kingsoft Writer 2007 and 2010 before 2724 allows remote attackers to execute arbitrary code via a crafted RTF document.
CVE-2012-4886 1 Kingsoft 1 Office 2012 2024-11-21 10.0 HIGH N/A
Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string.
CVE-2012-0321 1 Kingsoft 1 Internet Security 2024-11-21 2.1 LOW N/A
Unspecified vulnerability in the device driver in Kingsoft Internet Security 2011 allows local users to cause a denial of service via a crafted application.
CVE-2011-0515 2 Kingsoft, Kingsoftsecurity 2 Kingsoft Antivirus, Kingsoft Antivirus 2024-11-21 2.1 LOW N/A
KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 allows local users to cause a denial of service (crash) via a crafted request that is not properly handled by the KiFastCallEntry hook.
CVE-2010-5164 2 Kingsoft, Microsoft 2 Personal Firewall 9, Windows Xp 2024-11-21 6.2 MEDIUM 5.3 MEDIUM
** DISPUTED ** Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
CVE-2010-3396 1 Kingsoft 1 Kingsoft Antivirus 2024-11-21 7.2 HIGH N/A
Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information.
CVE-2010-2031 1 Kingsoft 1 Webshield 2024-11-21 7.2 HIGH N/A
KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield 3.5.1.2 and earlier, allows local users to overwrite arbitrary kernel memory via a crafted request to IOCTL 0x830020d4 on the KAVSafe device.
CVE-2008-1307 1 Kingsoft 1 Antivirus Online Update Module 2024-11-21 10.0 HIGH N/A
Heap-based buffer overflow in the KUpdateObj2 Class ActiveX control in UpdateOcx2.dll in Beijing KingSoft Antivirus Online Update Module 2007.12.29.29 allows remote attackers to execute arbitrary code via a long argument to the SetUninstallName method.