RSS   Vulnerabilities for 'Wps office'   RSS

2022-03-23
 
CVE-2022-24934

NVD-CWE-noinfo
 

 
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry.

 
2020-01-14
 
CVE-2014-2271

CWE-20
 

 
cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic.

 


Copyright 2024, cxsecurity.com

 

Back to Top