Filtered by vendor Kingsoft
Subscribe
Total
22 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-5164 | 2 Kingsoft, Microsoft | 2 Personal Firewall 9, Windows Xp | 2024-04-11 | 6.2 MEDIUM | N/A |
| Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute | |||||
| CVE-2023-31275 | 1 Kingsoft | 1 Wps Office | 2023-12-10 | N/A | 7.8 HIGH |
| An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2023-32548 | 1 Kingsoft | 1 Wps Office | 2023-12-10 | N/A | 8.1 HIGH |
| OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is installed. | |||||
| CVE-2022-26511 | 1 Kingsoft | 1 Wps Presentation | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files('current directory type' DLL loading). | |||||
| CVE-2022-26081 | 1 Kingsoft | 1 Wps Office | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. | |||||
| CVE-2022-25949 | 1 Kingsoft | 1 Internet Security 9 Plus | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow. | |||||
| CVE-2022-25943 | 1 Kingsoft | 1 Wps Office | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed. | |||||
| CVE-2022-25969 | 1 Kingsoft | 1 Wps Office | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. | |||||
| CVE-2020-25291 | 1 Kingsoft | 1 Wps Office | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x. | |||||
| CVE-2018-7546 | 1 Kingsoft | 2 Jinshan Pdf, Wps Office | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file. | |||||
| CVE-2018-9151 | 1 Kingsoft | 1 Internet Security 9 Plus | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference bug in the function ObReferenceObjectByHandle in the Kingsoft Internet Security 9+ kernel driver KWatch3.sys allows local non-privileged users to crash the system via IOCTL 0x80030030. | |||||
| CVE-2012-4886 | 1 Kingsoft | 1 Office 2012 | 2023-12-10 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string. | |||||
| CVE-2013-3934 | 1 Kingsoft | 2 Office 2012, Writer 2012 | 2023-12-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as used in Kingsoft Office 2013 before 9.1.0.4256, allows remote attackers to execute arbitrary code via a long font name in a WPS file. | |||||
| CVE-2013-0710 | 1 Kingsoft | 2 Writer 2007, Writer 2010 | 2023-12-10 | 9.3 HIGH | N/A |
| Buffer overflow in Kingsoft Writer 2007 and 2010 before 2724 allows remote attackers to execute arbitrary code via a crafted RTF document. | |||||
| CVE-2013-0723 | 1 Kingsoft | 1 Spreadsheets 2012 | 2023-12-10 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in etxrw.dll in Kingsoft Spreadsheets 2012 8.1.0.3030 allow remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a crafted spreadsheet file. | |||||
| CVE-2013-5999 | 1 Kingsoft | 1 Kdrive | 2023-12-10 | 5.8 MEDIUM | N/A |
| Kingsoft KDrive Personal before 1.21.0.1880 on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2010-3396 | 1 Kingsoft | 1 Kingsoft Antivirus | 2023-12-10 | 7.2 HIGH | N/A |
| Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-0321 | 1 Kingsoft | 1 Internet Security | 2023-12-10 | 2.1 LOW | N/A |
| Unspecified vulnerability in the device driver in Kingsoft Internet Security 2011 allows local users to cause a denial of service via a crafted application. | |||||
| CVE-2011-0515 | 2 Kingsoft, Kingsoftsecurity | 2 Kingsoft Antivirus, Kingsoft Antivirus | 2023-12-10 | 2.1 LOW | N/A |
| KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 allows local users to cause a denial of service (crash) via a crafted request that is not properly handled by the KiFastCallEntry hook. | |||||
| CVE-2010-2031 | 1 Kingsoft | 1 Webshield | 2023-12-10 | 7.2 HIGH | N/A |
| KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield 3.5.1.2 and earlier, allows local users to overwrite arbitrary kernel memory via a crafted request to IOCTL 0x830020d4 on the KAVSafe device. | |||||