CVE-2023-31275

An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.

Published: Nov 27, 2023
Updated: Dec 2, 2023
CVE: CVE-2023-31275
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-908

Affected Software
References

Software	From	Fixed in
kingsoft / wps_office	11.2.0.11537	11.2.0.11537.x

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1748

Vulnerability Database

289,697

CVE-2023-31275