Multiple vulnerabilities in KINGSOFT WPS Office and Internet Security



Published: 2022-03-16 | Updated: 2022-03-17
Risk: High
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2022-25949, CVE-2022-26081, CVE-2022-25969, CVE-2022-26511
CWE-ID: CWE-121, CWE-427
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software
KINGSOFT Internet Security 9 Plus
Client/Desktop applications / Antivirus software/Personal firewalls

Installer of WPS Office
Other software / Other software solutions

WPS Presentation
Client/Desktop applications / Office applications

Vendor: Kingsoft Corp.

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Stack-based buffer overflow

EUVDB-ID: #VU61398

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-25949

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: Yes

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A local user can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

KINGSOFT Internet Security 9 Plus: 2010.06.23.247

External links

http://jvn.jp/en/jp/JVN21234459/index.html
http://support.kingsoft.jp/support-info/weakness.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) Insecure DLL loading

EUVDB-ID: #VU61399

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26081

CWE-ID: CWE-427 - Uncontrolled Search Path Element

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists because the application loads DLL libraries in an insecure manner. A remote attacker can place a specially crafted .dll file and execute arbitrary code on the victim's system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Installer of WPS Office: 10.8.0.5745 - 10.8.0.6186

External links

http://jvn.jp/en/jp/JVN21234459/index.html
http://support.kingsoft.jp/support-info/weakness.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Insecure DLL loading

EUVDB-ID: #VU61400

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25969

CWE-ID: CWE-427 - Uncontrolled Search Path Element

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists because the application loads DLL libraries in an insecure manner. A remote attacker can place a specially crafted .dll file and execute arbitrary code on the victim's system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Installer of WPS Office: 10.8.0.5745 - 10.8.0.6186

External links

http://jvn.jp/en/jp/JVN21234459/index.html
http://support.kingsoft.jp/support-info/weakness.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Insecure DLL loading

EUVDB-ID: #VU61401

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26511

CWE-ID: CWE-427 - Uncontrolled Search Path Element

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists because the application loads DLL libraries in an insecure manner. A remote attacker can place a specially crafted .dll file and execute arbitrary code on the victim's system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WPS Presentation: 11.8.0.5745

External links

http://jvn.jp/en/jp/JVN21234459/index.html
http://support.kingsoft.jp/support-info/weakness.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


