OS Command Injection Vulnerability in WPS Office by Kingsoft
CVE-2023-32548

8.1HIGH

Key Information:

Vendor: KINGSOFT JAPAN, INC.
Status: WPS Office
Vendor: CVE Published:; 13 June 2023

🔔 Create KINGSOFT JAPAN, INC. Vulnerability Alert

What is CVE-2023-32548?

An OS command injection vulnerability is present in WPS Office version 10.8.0.6186. This issue arises when a remote attacker, utilizing a man-in-the-middle attack, connects the WPS Office application to a malicious server. By sending specially crafted messages, the attacker can execute arbitrary operating system commands on the system running the application, potentially compromising the device's security and leading to further exploits.

Affected Version(s)

WPS Office version 10.8.0.6186

References

https://support.kingsoft.jp/about/20230605.html

https://jvn.jp/en/jp/JVN36060509/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2023
Vulnerability Reserved
May 11, 2023