Vulnerabilites related to KINGSOFT JAPAN, INC. - The installer of WPS Office
cve-2022-26081
Vulnerability from cvelistv5
Published
2022-03-17 17:15
Modified
2024-08-03 04:56
Severity ?
EPSS score ?
Summary
The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.kingsoft.jp/support-info/weakness.html | x_refsource_CONFIRM | |
| https://jvn.jp/en/jp/JVN21234459/ | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KINGSOFT JAPAN, INC. | The installer of WPS Office |
Version: Reported for Version 10.8.0.5745 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "The installer of WPS Office",
"vendor": "KINGSOFT JAPAN, INC.",
"versions": [
{
"status": "affected",
"version": "Reported for Version 10.8.0.5745"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: insecurely loading Dynamic Link Libraries",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T17:15:54",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-26081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "The installer of WPS Office",
"version": {
"version_data": [
{
"version_value": "Reported for Version 10.8.0.5745"
}
]
}
}
]
},
"vendor_name": "KINGSOFT JAPAN, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: insecurely loading Dynamic Link Libraries"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kingsoft.jp/support-info/weakness.html",
"refsource": "CONFIRM",
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-26081",
"datePublished": "2022-03-17T17:15:54",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25969
Vulnerability from cvelistv5
Published
2022-03-17 17:15
Modified
2024-08-03 04:56
Severity ?
EPSS score ?
Summary
The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.kingsoft.jp/support-info/weakness.html | x_refsource_CONFIRM | |
| https://jvn.jp/en/jp/JVN21234459/ | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KINGSOFT JAPAN, INC. | The installer of WPS Office |
Version: Reported for Version 10.8.0.6186 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:36.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "The installer of WPS Office",
"vendor": "KINGSOFT JAPAN, INC.",
"versions": [
{
"status": "affected",
"version": "Reported for Version 10.8.0.6186"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: insecurely loading Dynamic Link Libraries",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T17:15:38",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-25969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "The installer of WPS Office",
"version": {
"version_data": [
{
"version_value": "Reported for Version 10.8.0.6186"
}
]
}
}
]
},
"vendor_name": "KINGSOFT JAPAN, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: insecurely loading Dynamic Link Libraries"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kingsoft.jp/support-info/weakness.html",
"refsource": "CONFIRM",
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-25969",
"datePublished": "2022-03-17T17:15:38",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-03T04:56:36.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}