CVE-2023-31275

Summary

An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
WPSWPS Office11.2.0.11537affected

Weaknesses

  • CWE-457: CWE-457: Use of Uninitialized Variable

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References