Kaveh Ghaemmaghami has discovered a vulnerability in Kingsoft Writer 2012, which can be exploited by malicious people to compromise a user's system.
Kingsoft Office 2012, Kingsoft Weirwe 2012 8.x
The vulnerability is confirmed in the following products and versions:
* Kingsoft Writer 2012 version 188.8.131.5230.
* Kingsoft Writer 2012 bundled in Kingsoft Office 2012 version 184.108.40.20685.
The vulnerability is caused due to a boundary error in when handling font names and can be exploited to cause a stack-based buffer overflow via a specially crafted WPS file with an overly long font name.
Fixed in Kingsoft Office 2013 version 220.127.116.1156.