Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by KINGSOFT, INC.
JVNDB-2024-000098
Vulnerability from jvndb - Published: 2024-09-06 15:07 - Updated:2024-09-06 15:07
Severity
Summary
Multiple products from KINGSOFT JAPAN vulnerable to path traversal
Details
KINGSOFT JAPAN, INC. provides Kingsoft Office Software's WPS Office and its related products localized for Japan.
WPS Office and its related products provided by KINGSOFT JAPAN, INC. contain a path traversal vulnerability (CWE-22, CVE-2024-7262, CVE-2024-7263)) due to inadequate file path validation by promecefpluginhost.exe.
Note that, a report has been published describing that "WPS Office provided by Kingsoft Office Software is affected to this vulnerability and exploitation is observed".
KINGSOFT JAPAN, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and KINGSOFT JAPAN, INC. coordinated under the Information Security Early Warning Partnership.
WPS Office and its related products provided by KINGSOFT JAPAN, INC. contain a path traversal vulnerability (CWE-22, CVE-2024-7262, CVE-2024-7263)) due to inadequate file path validation by promecefpluginhost.exe.
Note that, a report has been published describing that "WPS Office provided by Kingsoft Office Software is affected to this vulnerability and exploitation is observed".
KINGSOFT JAPAN, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and KINGSOFT JAPAN, INC. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000098.html",
"dc:date": "2024-09-06T15:07+09:00",
"dcterms:issued": "2024-09-06T15:07+09:00",
"dcterms:modified": "2024-09-06T15:07+09:00",
"description": "KINGSOFT JAPAN, INC. provides Kingsoft Office Software\u0026#39;s WPS Office and its related products localized for Japan.\u003cbr /\u003e\r\nWPS Office and its related products provided by KINGSOFT JAPAN, INC. contain a path traversal vulnerability (CWE-22, CVE-2024-7262, CVE-2024-7263)) due to inadequate file path validation by promecefpluginhost.exe.\u003cbr /\u003e\r\n\r\nNote that, a report has been published describing that \u0026quot;WPS Office\u0026nbsp;provided by Kingsoft Office Software is affected to this vulnerability and exploitation is observed\u0026quot;.\u003cbr /\u003e\r\n\r\nKINGSOFT JAPAN, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and KINGSOFT JAPAN, INC. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000098.html",
"sec:cpe": [
{
"#text": "cpe:/a:kingsoft:pdf_pro",
"@product": "KINGSOFT PDF Pro",
"@vendor": "KINGSOFT, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/a:kingsoft:wps_cloud",
"@product": "WPS Cloud",
"@vendor": "KINGSOFT, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/a:kingsoft:wps_cloud_pro",
"@product": "WPS Cloud Pro",
"@vendor": "KINGSOFT, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/a:kingsoft:wps_office2_for_Windows",
"@product": "WPS Office2 for Windows",
"@vendor": "KINGSOFT, INC.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000098",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN32529796/index.html",
"@id": "JVN#32529796",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-7262",
"@id": "CVE-2024-7262",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-7263",
"@id": "CVE-2024-7263",
"@source": "CVE"
},
{
"#text": "https://www.welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office/",
"@id": "Analysis of two arbitrary code execution vulnerabilities affecting WPS Office",
"@source": "Related document"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "Multiple products from KINGSOFT JAPAN vulnerable to path traversal"
}
JVNDB-2023-000062
Vulnerability from jvndb - Published: 2023-06-12 12:57 - Updated:2024-04-18 17:49
Severity
Summary
"WPS Office" vulnerable to OS command injection
Details
"WPS Office" which was provided by KINGSOFT JAPAN, INC. contains an OS command injection vulnerability (CWE-78).
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000062.html",
"dc:date": "2024-04-18T17:49+09:00",
"dcterms:issued": "2023-06-12T12:57+09:00",
"dcterms:modified": "2024-04-18T17:49+09:00",
"description": "\"WPS Office\" which was provided by KINGSOFT JAPAN, INC. contains an OS command injection vulnerability (CWE-78).",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000062.html",
"sec:cpe": {
"#text": "cpe:/a:kingsoft:kingsoft_wps_office",
"@product": "WPS Office",
"@vendor": "KINGSOFT, INC.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.6",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "9.0",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000062",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN36060509/index.html",
"@id": "JVN#36060509",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32548",
"@id": "CVE-2023-32548",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32548",
"@id": "CVE-2023-32548",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "\"WPS Office\" vulnerable to OS command injection"
}
JVNDB-2022-000021
Vulnerability from jvndb - Published: 2022-03-16 14:46 - Updated:2022-03-16 14:46
Severity
Summary
Multiple vulnerabilities in KINGSOFT "WPS Office" and "KINGSOFT Internet Security"
Details
"WPS Office" and "KINGSOFT Internet Security" provided by KINGSOFT JAPAN, INC. contain multiple vulnerabilities listed below.
* Stack-based buffer overflow (CWE-121) - CVE-2022-25949
* Insecurely loading Dynamic Link Libraries (CWE-427) - CVE-2022-26081, CVE-2022-25969, CVE-2022-26511
These vulnerabilities are reported by the following reporters, and
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2022-26949: Satoshi Tanda
CVE-2022-26081, CVE-2022-26511: Eiji James Yoshida of Security Professionals Network Inc.
CVE-2022-25969: Tomohisa Hasegawa
References
| Type | URL | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000021.html",
"dc:date": "2022-03-16T14:46+09:00",
"dcterms:issued": "2022-03-16T14:46+09:00",
"dcterms:modified": "2022-03-16T14:46+09:00",
"description": "\"WPS Office\" and \"KINGSOFT Internet Security\" provided by KINGSOFT JAPAN, INC. contain multiple vulnerabilities listed below.\r\n * Stack-based buffer overflow (CWE-121) - CVE-2022-25949\r\n * Insecurely loading Dynamic Link Libraries (CWE-427) - CVE-2022-26081, CVE-2022-25969, CVE-2022-26511\r\n\r\nThese vulnerabilities are reported by the following reporters, and\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2022-26949: Satoshi Tanda\r\nCVE-2022-26081, CVE-2022-26511: Eiji James Yoshida of Security Professionals Network Inc.\r\nCVE-2022-25969: Tomohisa Hasegawa",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000021.html",
"sec:cpe": [
{
"#text": "cpe:/a:kingsoft:installer_of_kingsoft_wps_office",
"@product": "Installer of WPS Office",
"@vendor": "KINGSOFT, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/a:kingsoft:internet_security_9_plus",
"@product": "KINGSOFT Internet Security 9 Plus",
"@vendor": "KINGSOFT, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/a:kingsoft:wps_presentation",
"@product": "WPS Presentation",
"@vendor": "KINGSOFT, INC.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000021",
"sec:references": [
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/jp/JVN21234459/index.html",
"@id": "JVN#21234459",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-25949",
"@id": "CVE-2022-25949",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-26081",
"@id": "CVE-2022-26081",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-25969",
"@id": "CVE-2022-25969",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-26511",
"@id": "CVE-2022-26511",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-25949",
"@id": "CVE-2022-25949",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-25969",
"@id": "CVE-2022-25969",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-26081",
"@id": "CVE-2022-26081",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-26511",
"@id": "CVE-2022-26511",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in KINGSOFT \"WPS Office\" and \"KINGSOFT Internet Security\""
}
JVNDB-2013-000108
Vulnerability from jvndb - Published: 2013-11-22 17:39 - Updated:2013-11-26 16:02Summary
KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates
Details
KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates.
Yamano Yasuaki of NetAgent Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000108.html",
"dc:date": "2013-11-26T16:02+09:00",
"dcterms:issued": "2013-11-22T17:39+09:00",
"dcterms:modified": "2013-11-26T16:02+09:00",
"description": "KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates.\r\n\r\nYamano Yasuaki of NetAgent Co.,Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000108.html",
"sec:cpe": {
"#text": "cpe:/a:kingsoft:kdrive",
"@product": "KDrive Personal for Windows",
"@vendor": "KINGSOFT, INC.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000108",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN97810280/index.html",
"@id": "JVN#97810280",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5999",
"@id": "CVE-2013-5999",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5999",
"@id": "CVE-2013-5999",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "KDrive Personal for Windows contains an issue where it fails to verify SSL server certificates"
}
JVNDB-2013-000016
Vulnerability from jvndb - Published: 2013-03-01 14:47 - Updated:2013-03-01 14:47Summary
Kingsoft Writer vulnerable to buffer overflow
Details
Kingsoft Writer contains a buffer overflow vulnerability.
Kingsoft Writer is a software to edit document files. Kingsoft Writer contains a buffer overflow vulnerability.
Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000016.html",
"dc:date": "2013-03-01T14:47+09:00",
"dcterms:issued": "2013-03-01T14:47+09:00",
"dcterms:modified": "2013-03-01T14:47+09:00",
"description": "Kingsoft Writer contains a buffer overflow vulnerability.\r\n\r\nKingsoft Writer is a software to edit document files. Kingsoft Writer contains a buffer overflow vulnerability.\r\n\r\nYuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000016.html",
"sec:cpe": {
"#text": "cpe:/a:kingsoft:writer_2010",
"@product": "Kingsoft Writer 2010",
"@vendor": "KINGSOFT, INC.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000016",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN55924624/index.html",
"@id": "JVN#55924624",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0710",
"@id": "CVE-2013-0710",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0710",
"@id": "CVE-2013-0710",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Kingsoft Writer vulnerable to buffer overflow"
}
JVNDB-2012-000019
Vulnerability from jvndb - Published: 2012-03-01 14:03 - Updated:2012-03-01 14:03Summary
Kingsoft Internet Security 2011 vulnerable to denial-of-service
Details
Kingsoft Internet Security 2011 contains a denial-of-service (DoS) vulnerability.
Kingsoft Internet Security 2011 contains a vulnerability in the device driver, which may result in a denial-of-service (DoS).
Satoshi TANDA of Fourteenforty Research Institute Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000019.html",
"dc:date": "2012-03-01T14:03+09:00",
"dcterms:issued": "2012-03-01T14:03+09:00",
"dcterms:modified": "2012-03-01T14:03+09:00",
"description": "Kingsoft Internet Security 2011 contains a denial-of-service (DoS) vulnerability.\r\n\r\nKingsoft Internet Security 2011 contains a vulnerability in the device driver, which may result in a denial-of-service (DoS).\r\n\r\nSatoshi TANDA of Fourteenforty Research Institute Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000019.html",
"sec:cpe": {
"#text": "cpe:/a:kingsoft:internet_security",
"@product": "Kingsoft Internet Security 2011",
"@vendor": "KINGSOFT, INC.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.9",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000019",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN31517714/index.html",
"@id": "JVN#31517714",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0321",
"@id": "CVE-2012-0321",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0321",
"@id": "CVE-2012-0321",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Kingsoft Internet Security 2011 vulnerable to denial-of-service"
}