Kaveh Ghaemmaghami has discovered a vulnerability in Kingsoft Writer 2012, which can be exploited by malicious people to compromise a user's system.
Kingsoft Office 2012, Kingsoft Weirwe 2012 8.x
The vulnerability is confirmed in the following products and versions:
* Kingsoft Writer 2012 version 22.214.171.12430.
* Kingsoft Writer 2012 bundled in Kingsoft Office 2012 version 126.96.36.19985.
The vulnerability is caused due to a boundary error in when handling font names and can be exploited to cause a stack-based buffer overflow via a specially crafted WPS file with an overly long font name.
Fixed in Kingsoft Office 2013 version 188.8.131.5256.