Kaveh Ghaemmaghami has discovered a vulnerability in Kingsoft Writer 2012, which can be exploited by malicious people to compromise a user's system.
Kingsoft Office 2012, Kingsoft Weirwe 2012 8.x
The vulnerability is confirmed in the following products and versions:
* Kingsoft Writer 2012 version 220.127.116.1130.
* Kingsoft Writer 2012 bundled in Kingsoft Office 2012 version 18.104.22.16885.
The vulnerability is caused due to a boundary error in when handling font names and can be exploited to cause a stack-based buffer overflow via a specially crafted WPS file with an overly long font name.
Fixed in Kingsoft Office 2013 version 22.214.171.12456.