CVE-2023-31275

8.8 HIGH

📋 TL;DR

An uninitialized pointer vulnerability in WPS Office's Excel file parser allows remote code execution when opening malicious files. Attackers can craft Excel files that exploit this flaw to execute arbitrary code on the victim's system. Users of WPS Office 11.2.0.11537 are affected.

💻 Affected Systems

Products:
  • WPS Office
Versions: 11.2.0.11537
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of the affected version are vulnerable when opening Excel files. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise: the attacker gains complete control over the victim's computer, enabling data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Remote code execution leading to malware installation, data exfiltration, or system disruption when users open malicious Excel files.

🟢 If Mitigated

Limited impact when email filtering, user awareness training, and application sandboxing prevent successful exploitation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (opening a malicious file), but no authentication is needed. Weaponization is likely given the RCE nature and CVSS score.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.2.0.11538 or later

Vendor Advisory: https://www.wps.com/security/advisories

Restart Required: No

Instructions:

1. Open WPS Office
2. Go to Help > Check for Updates
3. Install available updates
4. Verify version is 11.2.0.11538 or newer

🔧 Temporary Workarounds

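Disable Excel file opening

Platforms: all

Temporarily block Excel file extensions from opening in WPS Office. On Windows, run the commands below in an elevated Command Prompt; `assoc .xlsx=` clears the system-wide association for the extension, so it applies to every application, not only WPS Office.

Windows: assoc .xlsx=
Windows: assoc .xls=
Linux/macOS: Remove file associations for Excel formats

Use alternative office suite

Platforms: all

Temporarily use Microsoft Office, LibreOffice, or Google Sheets for Excel files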

🧯 If You Can't Patch

  • Implement application whitelisting to block WPS Office execution
  • Deploy email/web filtering to block Excel attachments from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check the WPS Office version in Help > About WPS Office. If the version is exactly 11.2.0.11537, the system is vulnerable.

Check Version:

Windows: wps.exe --version (if available) or check Help > About

Verify Fix Applied:

Verify version is 11.2.0.11538 or newer in Help > About WPS Office.

📡 Detection & Monitoring

Log Indicators:

  • WPS Office crash logs with memory access violations
  • Unexpected child processes spawned from WPS Office
  • Excel file openings followed by unusual network connections

Network Indicators:

  • Outbound connections from WPS Office to unknown IPs after file opening
  • DNS requests for suspicious domains after Excel file processing

SIEM Query:

process_name:"wps.exe" AND (event_id:1000 OR event_id:1001) AND description:"access violation"
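
The log indicators and SIEM query above, expressed as triage logic over a few constructed events. This is an added example, not code from the vendor or from this advisory; the event schema beyond the query's own fields (`host`, `time`, `type`, `parent_name`, `image`), the baseline of expected child processes and the five-minute correlation window are assumptions.

```python
from datetime import datetime, timedelta

# Assumed event schema (constructed): process_name, event_id and description
# follow the SIEM query; host, time, type, parent_name, image are hypothetical.
EXPECTED_CHILDREN = {"wps.exe"}   # assumption: replace with your own baseline
CRASH_EVENT_IDS = {1000, 1001}

def is_wps_crash(ev):
    """Same predicate as the SIEM query: wps.exe fault with an access violation."""
    return (ev.get("process_name", "").lower() == "wps.exe"
            and ev.get("event_id") in CRASH_EVENT_IDS
            and "access violation" in ev.get("description", "").lower())

def is_unexpected_child(ev):
    """Process creation with wps.exe as parent and an image outside the baseline."""
    return (ev.get("type") == "process_create"
            and ev.get("parent_name", "").lower() == "wps.exe"
            and ev.get("image", "").lower() not in EXPECTED_CHILDREN)

def triage(events, window=timedelta(minutes=5)):
    """Per-host summary; crash plus unexpected child within `window` rates 'high'."""
    hits = {}
    for ev in events:
        kind = "crash" if is_wps_crash(ev) else "child" if is_unexpected_child(ev) else None
        if kind:
            hits.setdefault(ev["host"], []).append((ev["time"], kind))
    report = {}
    for host, seen in hits.items():
        crashes = [t for t, k in seen if k == "crash"]
        children = [t for t, k in seen if k == "child"]
        correlated = any(abs(c - p) <= window for c in crashes for p in children)
        report[host] = {"crashes": len(crashes), "unexpected_children": len(children),
                        "severity": "high" if correlated else "medium"}
    return report

def _ev(host, ts, **fields):
    return {"host": host, "time": datetime.fromisoformat(ts), **fields}

# Constructed sample events, not real telemetry.
SAMPLE = [
    _ev("ws-01", "2024-01-10T09:00:03", type="process_create", parent_name="wps.exe", image="cmd.exe"),
    _ev("ws-01", "2024-01-10T09:00:05", type="app_error", process_name="wps.exe", event_id=1000, description="Access violation at 0x0"),
    _ev("ws-02", "2024-01-10T11:30:00", type="app_error", process_name="WPS.EXE", event_id=1001, description="access violation"),
    _ev("ws-03", "2024-01-10T12:00:00", type="process_create", parent_name="wps.exe", image="wps.exe"),
    _ev("ws-03", "2024-01-10T12:01:00", type="app_error", process_name="wps.exe", event_id=1000, description="application hang"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts with a crash or an unexpected child alone are rated "medium" so they still surface for a version check against 11.2.0.11537.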
