Stack-based Buffer Overflow in Kingsoft WPS Office 2012
CVE-2012-4886

Currently unrated

Key Information:

Vendor: Kingsoft
Status: Office 2012
Vendor: CVE Published:; 24 March 2014

What is CVE-2012-4886?

A stack-based buffer overflow vulnerability exists in the wpsio.dll component of Kingsoft WPS Office 2012 (version 8.1.0.3238). This flaw can be exploited by malicious remote attackers to execute arbitrary code by sending a specially crafted long BSTR string. Such an exploit could allow an attacker to take control of the affected system, potentially leading to unauthorized access and data compromise. Users and organizations using this version of WPS Office are recommended to implement security best practices and monitor for any suspicious activity related to this vulnerability.

References

http://packetstormsecurity.com/files/121431/WPS-Office-St...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/83862

vdb-entryx_refsource_XF

http://osvdb.org/92847

vdb-entryx_refsource_OSVDB

EPSS Score

56% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 24, 2014
Vulnerability Reserved
Sep 10, 2012